Filtered by vendor Krajowa Izba Rozliczeniowa
Subscriptions
Filtered by product Szafir Sdk
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9058 | 1 Krajowa Izba Rozliczeniowa | 1 Szafir Sdk | 2026-05-27 | N/A |
| Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation. This issue was fixed in version 463. | ||||
Page 1 of 1.