Arbitrary file upload in Krajowa Izba Rozliczeniowa SzafirHost
CVE-2026-13165
SzafirHost verifies the downloaded native library archive with one parser, JarFile (which reads the Central Directory), but extracts native libraries with a different parser, JarInputStream (which reads sequentially from local file headers). An attacker who cont…
Vulnerability class: Unrestricted File Upload
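A defensive check for the parser mismatch described above, as an added example (not code from SzafirHost or the advisory): it lists entry names as a Central Directory reader and as a sequential local-header reader would see them, and reports any difference. The function names and sample archives are constructed for illustration, and Python's `zipfile` stands in for the Central Directory parser.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"  # local file header signature

def central_directory_names(data: bytes) -> list[str]:
    """Entry names as a Central Directory reader (like JarFile) sees them."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()]

def local_header_names(data: bytes) -> list[str]:
    """Entry names as a sequential reader (like JarInputStream) sees them."""
    names, pos = [], 0
    while data[pos:pos + 4] == LOCAL_SIG:
        (flags, _method, _time, _date, _crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from("<HHHHIIIHH", data, pos + 6)
        if flags & 0x08:  # sizes live in a trailing data descriptor instead
            raise ValueError("data descriptor in use; cannot walk by header sizes")
        start = pos + 30  # fixed part of the local header is 30 bytes
        names.append(data[start:start + name_len].decode("utf-8", "replace"))
        pos = start + name_len + extra_len + csize
    return names

def parser_view_mismatch(data: bytes) -> dict[str, list[str]]:
    """Names visible to only one of the two parsing strategies."""
    cd, local = central_directory_names(data), local_header_names(data)
    return {"only_central_directory": sorted(set(cd) - set(local)),
            "only_local_headers": sorted(set(local) - set(cd))}

def build_sample(consistent: bool) -> bytes:
    """Constructed test archive; names and contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("lib/native-a.bin", b"constructed sample A")
        zf.writestr("lib/native-b.bin", b"constructed sample B")
    data = bytearray(buf.getvalue())
    if not consistent:
        # Change the name in the second local header only (same length),
        # leaving the Central Directory record untouched.
        idx = data.index(b"lib/native-b.bin")
        data[idx:idx + 16] = b"lib/native-x.bin"
    return bytes(data)

if __name__ == "__main__":
    print(parser_view_mismatch(build_sample(True)))
    print(parser_view_mismatch(build_sample(False)))
```

An archive for which either list is non-empty should be rejected before extraction, and verification and extraction should use the same parser.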
Affected products
- Krajowa Izba Rozliczeniowa SzafirHost — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)