ctipilot.ch

Home · Briefs · CTI Daily Brief — 2026-05-26

CVE-2026-9058 — Szafir SDK (KIR): signature-verification routine reports success on an untrusted certificate chain, enabling auth bypass in Polish e-government

From CTI Daily Brief — 2026-05-26 · published 2026-05-26

CERT Polska disclosed CVE-2026-9058, an improper-certificate-validation flaw (CWE-393 / CWE-637) scored CVSS 4.0 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N) in Szafir SDK, the qualified-electronic-signature library developed by clearinghouse Krajowa Izba Rozliczeniowa (KIR) and embedded across Polish public-administration systems (CERT Polska, 2026-05-25; ENISA EUVD-2026-31679, 2026-05-25). The defect is precise and instructive: the SDK returns the success code /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0 ("Positively verified") from cryptographic signature verification even when the signer certificate's trust status is nondetermined — i.e. the chain could not be validated to a trusted root. A consuming application that gates on the result code alone treats a signature backed by an unverifiable or attacker-supplied certificate as valid, yielding authentication bypass and user impersonation without possession of a legitimate qualified certificate (T1606). Any application that consumes Szafir to accept qualified electronic signatures is therefore exposed to forged-signature acceptance — squarely the qualified-signature use case across Polish e-government and regulated industry; the issue is fixed in version 463.

This clears the § 2 bar on ENISA EUVD CVSS ≥ 9.0 and as a national-CERT primary disclosure for its own jurisdiction. Defender action beyond upgrading to ≥ 463: applications must validate the certificate trust status independently of the result code — check …/SigningCertificate/@certificateType != "nondetermined" before accepting the signature — and audit verification logs for events where Result/@code == 0 coincided with a nondetermined certificate, which indicates likely abuse. The broader lesson generalises to any CH/EU qualified-signature stack: never collapse "cryptographically intact" and "anchored to a trusted root" into a single boolean. No in-the-wild exploitation is reported.