Streamsoft Prestiż Weak Encoding Vulnerability in KSeF Token Allowing Token Guessing
Vulnerability
A vulnerability exists in Streamsoft Prestiż software versions 12.2.363.17 through 20.0.380.91 due to the use of a custom token encoding algorithm. This flaw allows the KSeF (Krajowy System e-Faktur) token value to be guessed by analyzing the encoding of tokens with known values. The vulnerability is categorized as weak encoding for passwords.
Impact
Exploitation of this vulnerability could lead to unauthorized guessing of KSeF token values, potentially allowing for manipulation or unauthorized actions within the KSeF system.
Remediation
Users can upgrade to Streamsoft Prestiż version 20.0.380.92 or later to address this vulnerability.
