Vulnerability in Krajowa Izba Rozliczeniowa Szafir Sdk
CVE-2026-9058
Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer…
EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.
Affected products
- Krajowa Izba Rozliczeniowa Szafir Sdk — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)