PT-2026-29741 · Unknown · Szafir Sdk Web+1
Michał Leszczyński · Published 2026-04-02 · Updated 2026-04-02 · CVE-2026-26927
CVSS v4.0: 5.1 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Szafir SDK Web versions prior to 0.0.17.4
Description
The Szafir SDK Web browser plug-in can launch the SzafirHost application, which downloads the files it needs when it runs. An unauthenticated attacker can control the URL (HTTP Origin) of the location from which the application is invoked. Specifically, the document base url parameter is not validated, so an attacker can craft a website that launches SzafirHost with arbitrary arguments. The attacker-controlled URL is shown in the application's confirmation prompt. If the victim confirms execution, the application runs in the context of the attacker's website and may download malicious files and libraries. If the victim confirms with the 'remember' option, the prompt is bypassed on later launches, allowing silent execution in the attacker's context.
Recommendations
Update Szafir SDK Web to version 0.0.17.4 or later.
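The root cause described above is a URL parameter that reaches a native helper without an origin check. The following is an added illustration of the mitigation pattern (an origin allowlist applied before any launch argument is built); it is not the vendor's code and does not reflect how Szafir SDK Web or SzafirHost are implemented. The helper name and allowlisted hostnames are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist of (scheme, host[:port]) origins permitted to launch
# the native helper. Placeholder hostnames, not any vendor's configuration.
ALLOWED_ORIGINS = {
    ("https", "portal.example.com"),
    ("https", "signing.example.com"),
}

# Hypothetical helper binary name, used only to show how the argument is built.
HELPER = "native-signing-helper"


def normalize_origin(url):
    """Reduce a URL to its web origin as (scheme, host[:port]).

    Returns None for anything that is not a plain http(s) URL with a host.
    Userinfo ("user@") is dropped by urlsplit().hostname, so a URL such as
    https://portal.example.com@attacker.test/ normalizes to attacker.test.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # lowercased, brackets and userinfo removed
    if scheme not in ("http", "https") or not host:
        return None
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    default_port = 443 if scheme == "https" else 80
    if port is None or port == default_port:
        return (scheme, host)
    return (scheme, f"{host}:{port}")


def is_allowed_document_base(document_base_url):
    """True only if the URL's origin is an exact match in the allowlist."""
    origin = normalize_origin(document_base_url)
    return origin is not None and origin in ALLOWED_ORIGINS


def launch_args_unchecked(document_base_url):
    """Weak form: forwards whatever URL the page supplied to the helper."""
    return [HELPER, "--document-base", document_base_url]


def launch_args_checked(document_base_url):
    """Hardened form: refuses to build launch arguments for unknown origins."""
    if not is_allowed_document_base(document_base_url):
        raise ValueError(f"document base origin not allowed: {document_base_url!r}")
    return [HELPER, "--document-base", document_base_url]


if __name__ == "__main__":
    for candidate in (
        "https://portal.example.com/sign?doc=42",
        "https://PORTAL.example.com:443/",
        "https://portal.example.com.attacker.test/",
        "https://portal.example.com@attacker.test/",
        "http://portal.example.com/",
        "javascript:alert(1)",
    ):
        print(f"{candidate!r:50} allowed={is_allowed_document_base(candidate)}")
```

The check compares whole origins, not string prefixes, so look-alike hosts, embedded userinfo and scheme downgrades are all rejected; only the exact (scheme, host, port) tuples in the allowlist pass. A 'remember this decision' feature, if present, should key its stored consent on the same normalized origin rather than on the raw URL string.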
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Szafir Sdk Web
Szafirhost