ctipilot.ch

KIR SzafirHost — JAR zip-polyglot signature-verification bypass enables RCE in Polish qualified e-signature browser helper (CERT-PL coordinated disclosure)

cve · CVE-2026-44088

Coverage timeline: 2 (first 2026-05-17 → last 2026-05-17)
Briefs: 1 (1 distinct)
Sources cited: 2 (2 hosts)
Sections touched: 2 (action_items, active_threats)
Co-occurring entities: 1 (see Related entities below)

Story timeline

  1. 2026-05-17 · CTI Daily Brief — 2026-05-17
    active_threats: First coverage. JarInputStream signature-check / JarFile class-load split-brain enables polyglot bypass; patch SzafirHost 1.2.1; direct Polish public-administration impact through eIDAS QES workflows.
  2. 2026-05-17 · CTI Daily Brief — 2026-05-17
    action_items: Action: audit Polish QES workflows for SzafirHost 1.2.1 deployment.

Where this entity is cited

  • active_threats: 1
  • action_items: 1

Source distribution

  • cert.pl: 1 (50%)
  • euvd.enisa.europa.eu: 1 (50%)

Related entities

Items in briefs about KIR SzafirHost — JAR zip-polyglot signature-verification bypass enables RCE in Polish qualified e-signature browser helper (CERT-PL coordinated disclosure) (1)

CERT-PL CVE-2026-44088 — SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper

From CTI Daily Brief — 2026-05-17 · published 2026-05-17

CERT Polska disclosed CVE-2026-44088 on 2026-05-15 — a class-loading split-brain in SzafirHost, the browser-integration component of Poland's Szafir qualified electronic signature (QES) ecosystem operated by KIR (Krajowa Izba Rozliczeniowa), an eIDAS-recognised qualified trust service provider (CERT-PL, 2026-05-15). ENISA's EUVD entry EUVD-2026-30512 records the CVSS 4.0 base 8.6 score used in this brief's footer; CERT-PL's own write-up does not publish a numeric CVSS. SzafirHost is the helper that downloads and loads signed JAR plugins to bridge smart-card signing into Chrome, Firefox, and Opera.

The bug abuses how Java parses the same archive two different ways: JarInputStream validates the JAR's code-signing certificate by reading from the start of the file, while JarFile / URLClassLoader loads actual classes from the ZIP Central Directory at the end. CERT-PL states verbatim: "It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded."

An attacker who controls the JAR download path (MitM on the SzafirHost CDN/update channel, DNS interception, or a compromised mirror) can therefore execute arbitrary code inside SzafirHost — and silently sign fraudulent documents in the context of an authenticated KIR user session. Technique class: T1574.002 DLL Side-Loading equivalent for Java class-path hijack. Patched in SzafirHost 1.2.1.

Why it matters to us: Szafir QES is one of the established Polish qualified signature ecosystems used in Polish public procurement, court e-filing, tax administration and healthcare e-signature workflows. Under eIDAS, qualified electronic signatures issued by a Polish QTSP enjoy cross-border legal recognition across EU member states and Switzerland's eIDAS-equivalent framework. A successful zip-polyglot attack against the SzafirHost JAR download path silently weaponises every signature produced on the compromised endpoint — an integrity-class failure that breaks the assumption baseline for eIDAS-trust documents wherever Polish QES output is consumed.
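The parser disagreement described above can be checked for on any downloaded archive before it is trusted. The following is an added example, not code from CERT-PL, KIR or this brief: it lists the entries a start-of-file streaming reader would see and the entries the end-of-file central directory names, and rejects the file when the two differ. Function names, entry names and the sample archives are constructed for illustration; it does not validate signatures, and ZIP64 archives are out of scope.

```python
import io
import struct
import zipfile
import zlib

def stream_view(data):
    """(offset, name) of entries met walking local file headers from byte 0."""
    found, pos = [], 0
    while data[pos:pos + 4] == b"PK\x03\x04":
        flags, method = struct.unpack_from("<HH", data, pos + 6)
        csize, _usize, nlen, xlen = struct.unpack_from("<IIHH", data, pos + 18)
        enc = "utf-8" if flags & 0x800 else "cp437"  # same rule zipfile applies
        found.append((pos, data[pos + 30:pos + 30 + nlen].decode(enc)))
        body = pos + 30 + nlen + xlen
        if flags & 0x08:  # sizes live in a data descriptor after the body
            if method != 8:
                raise ValueError("data descriptor on a non-deflated entry")
            inflater = zlib.decompressobj(-15)
            inflater.decompress(data[body:])
            if not inflater.eof:
                raise ValueError("truncated deflate stream")
            end = len(data) - len(inflater.unused_data)
            pos = end + (16 if data[end:end + 4] == b"PK\x07\x08" else 12)
        else:
            pos = body + csize
    return found

def central_view(data):
    """(offset, name) of entries listed in the central directory at the end."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.header_offset, info.filename) for info in zf.infolist()]

def views_agree(data):
    """True only if both parsing strategies see the same entries at the same offsets."""
    return sorted(stream_view(data)) == sorted(central_view(data))

def make_zip(entries):
    """Build a small in-memory archive (constructed sample data, inert text only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()

# Constructed inputs: SINGLE stands in for a vendor JAR, COMBINED for a file holding two archives.
SINGLE = make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "app/Plugin.class": "A"})
COMBINED = SINGLE + make_zip({"app/Plugin.class": "B"})

if __name__ == "__main__":
    for label, blob in (("single", SINGLE), ("combined", COMBINED)):
        print(label, "consistent" if views_agree(blob) else "MISMATCH, do not load")
```

Offsets are compared as well as names because both views can list the same entry name while pointing at different bytes.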