Vulnerability in Streamsoft Prestiż

CVE-2026-0809

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20…

EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.

Affected products

Streamsoft Prestiż — versions 12.2.363.17

Weakness classification (CWE)

CWE-261 — Weak Encoding for Password

References

www.streamsoft.pl/streamsoft-prestiz/ (product)
cert.pl/posts/2026/03/CVE-2026-0809 (third-party-advisory)