PT-2026-29742 · Unknown · Szafirhost
Michał Leszczyński
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-26928
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SzafirHost versions prior to 1.1.0
Description
The application does not verify the hash or vendor's digital signature of uploaded DLL, SO, JNILIB, or DYLIB files. This allows an attacker to provide a malicious file, which is saved in the user's /temp folder and then executed by the application.
Recommendations
Update to version 1.1.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Szafirhost