PT-2026-41271 · Unknown · Szafirhost

Mariusz Maik

·

Published

2026-05-15

·

Updated

2026-05-15

·

CVE-2026-44088

CVSS v4.0

8.6

High

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions SzafirHost versions prior to 1.2.1
Description SzafirHost verifies the signature of downloaded JAR files using the JarInputStream class, which reads from the beginning of the file, but loads classes using the JarFile/URLClassLoader classes, which read the Central Directory from the end. This discrepancy allows an attacker to combine a genuine, signed JAR file with a malicious ZIP file, bypassing verification to achieve remote code execution.
Recommendations Update to version 1.2.1.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44088

Affected Products

Szafirhost