Krajowa Izba Rozliczeniowa Szafir SDK Authentication Bypass Vulnerability via Improper Digital Signature Verification

Vulnerability

Szafir SDK validates digital signatures incorrectly, which allows authentication bypass and user impersonation. The SDK returns a success status code for signature verification even when the trust status of the signer's certificate is undetermined. As a result, applications using Szafir SDK can accept signatures as valid without a verified certificate chain. The issue affects all versions of Szafir SDK prior to 463.
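
The behaviour described above amounts to collapsing a three-state trust result into a single success code. The following added example (not code from this advisory or from Szafir SDK; every type and function name is hypothetical, and the sample results are constructed) models that fail-open verdict beside a fail-closed one that an application can use when deciding whether to authenticate a signer.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Trust(Enum):
    TRUSTED = "trusted"            # chain validated up to a trust anchor
    UNTRUSTED = "untrusted"        # chain validation explicitly failed
    UNDETERMINED = "undetermined"  # trust status could not be established


@dataclass(frozen=True)
class VerificationResult:
    """Hypothetical result type for this example, not a Szafir SDK class."""
    signature_ok: bool  # signature value matches the signed data
    trust: Trust        # trust status of the signer's certificate
    subject: str        # identity named in the signer's certificate


def accept_fail_open(r: VerificationResult) -> bool:
    # Models the behaviour the advisory describes: only an explicit failure
    # is rejected, so an undetermined trust status still counts as success.
    return r.signature_ok and r.trust is not Trust.UNTRUSTED


def accept_fail_closed(r: VerificationResult) -> bool:
    # Success requires a positively verified certificate chain.
    return r.signature_ok and r.trust is Trust.TRUSTED


def authenticate(r: VerificationResult,
                 accept: Callable[[VerificationResult], bool]) -> Optional[str]:
    """Return the subject to log in as, or None when the signature is rejected."""
    return r.subject if accept(r) else None


# Constructed sample results (not real SDK output).
SAMPLES = [
    VerificationResult(True, Trust.TRUSTED, "CN=Alice"),
    VerificationResult(True, Trust.UNDETERMINED, "CN=Alice"),
    VerificationResult(True, Trust.UNTRUSTED, "CN=Alice"),
    VerificationResult(False, Trust.TRUSTED, "CN=Alice"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(f"sig_ok={r.signature_ok!s:5} trust={r.trust.value:12} "
              f"fail_open={authenticate(r, accept_fail_open)} "
              f"fail_closed={authenticate(r, accept_fail_closed)}")
```

Only the second sample differs between the two policies: the fail-open verdict authenticates the subject while the fail-closed verdict rejects it.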

Impact

Exploitation of this vulnerability allows for authentication bypass and user impersonation in applications using Szafir SDK.

Remediation

Users can upgrade to Szafir SDK version 463 or later to address this vulnerability.

Added: May 26, 2026, 7:45 PM
Updated: May 26, 2026, 7:45 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 0.0
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.