Vulnerability in Krajowa Izba Rozliczeniowa Szafirhost

CVE-2026-26928

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that lis…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Krajowa Izba Rozliczeniowa Szafirhost — versions 0

Weakness classification (CWE)

CWE-354 — Improper Validation of Integrity Check Value

References

cert.pl/posts/2026/04/CVE-2026-26927 (third-party-advisory)
www.elektronicznypodpis.pl/ (product)