Daily brief 2026-05-17
CERT-PL CVE-2026-44088 — SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper
Part of run 2026-05-17-4381863a (intel · Claude Opus 4.7)
CERT Polska disclosed CVE-2026-44088 on 2026-05-15: a class-loading split-brain in SzafirHost, the browser-integration component of Poland's Szafir qualified electronic signature (QES) ecosystem operated by KIR (Krajowa Izba Rozliczeniowa), an eIDAS-recognised qualified trust service provider (CERT-PL, 2026-05-15). ENISA's EUVD entry EUVD-2026-30512 records the CVSS 4.0 base score of 8.6 used in this brief's footer; CERT-PL's own write-up does not publish a numeric CVSS. SzafirHost is the helper that downloads and loads signed JAR plugins to bridge smart-card signing into Chrome, Firefox and Opera. Patched in SzafirHost 1.2.1.

The bug abuses the fact that Java parses the same archive in two different ways. JarInputStream validates the JAR's code-signing certificate by walking the local file headers from the start of the file, while JarFile / URLClassLoader loads classes through the ZIP Central Directory, which is located from the End-of-Central-Directory record at the end of the file. An end-anchored ZIP parser ignores whatever precedes the archive it finds, so appending a malicious ZIP to a genuine signed JAR yields one file with two valid readings: the signature check sees only the signed archive, and the class loader sees only the appended one.

Exploitation requires control of the JAR download path (a man-in-the-middle position on the SzafirHost CDN/update channel, DNS interception, or a compromised mirror). An attacker in that position executes arbitrary code inside SzafirHost, the process that brokers the browser's signing requests to the user's smart card, and can therefore interfere with signatures made in that user's session. Technique class: the Java class-path analogue of T1574.002 (Hijack Execution Flow: DLL Side-Loading). Note that the JAR signature check is precisely the control meant to survive a compromised transport; with it bypassed, transport integrity of the download channel was the only control left on unpatched endpoints.

Why it matters to us: Szafir QES is one of the established Polish qualified signature ecosystems, used in Polish public procurement, court e-filing, tax administration and healthcare e-signature workflows. Under eIDAS, a qualified electronic signature based on a qualified certificate issued by a Polish QTSP is recognised as a qualified electronic signature in every other EU member state (eIDAS Article 25(3)), so the consequences are not confined to Poland.
A successful zip-polyglot attack against the SzafirHost JAR download path puts every signature produced on the compromised endpoint in doubt: an integrity-class failure that undermines the trust assumption behind eIDAS documents wherever Polish QES output is consumed.
“SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.” — CERT Polska
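The split-brain described above, as an added example (this is not code from CERT-PL, KIR or SzafirHost): a Python script that builds two constructed archives, concatenates them into a polyglot, reads the result both ways, and applies the consistency check a loader should make. The archive names and contents are invented for the demo; Python's zipfile stands in for JarFile/URLClassLoader (it performs the same end-anchored Central Directory lookup, including the offset adjustment for data preceding the archive), and the small local-header walker stands in for JarInputStream.

```python
"""Zip-polyglot split-brain demo (added example, not CERT-PL's or KIR's code).

Two ways to read one archive: a sequential walk of the local file headers
from the start of the file (what java.util.jar.JarInputStream does) and a
walk of the Central Directory located from the end (what ZipFile / JarFile /
URLClassLoader do).  Concatenating a genuine archive A with a malicious
archive B makes the two views disagree: the sequential reader stops at A's
Central Directory and never sees B, while the end-anchored reader finds B's
End-of-Central-Directory record and sees only B.  All archive contents are
constructed for the demo; no real Szafir signature is involved.
"""
import hashlib
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = b"PK\x03\x04"
LOCAL_HEADER_FMT = "<HHHHHIIIHH"   # fields that follow the 4-byte signature


def build_archive(entries):
    """Build an in-memory ZIP from a {name: bytes} mapping (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def stream_view(blob):
    """Walk local file headers from offset 0, like JarInputStream.

    Stops at the first record that is not a local file header, normally the
    Central Directory of the *first* archive in the blob.  Returns
    {name: sha256 hex} of the entry data seen this way.
    """
    seen = {}
    pos = 0
    while blob[pos:pos + 4] == LOCAL_HEADER_SIG:
        fields = struct.unpack_from(LOCAL_HEADER_FMT, blob, pos + 4)
        _ver, flags, method, _t, _d, _crc, csize, _usize, nlen, elen = fields
        if flags & 0x0008:
            raise ValueError("data-descriptor entries cannot be sized without the CD")
        name_start = pos + 4 + struct.calcsize(LOCAL_HEADER_FMT)
        name = blob[name_start:name_start + nlen].decode()
        data_start = name_start + nlen + elen
        raw = blob[data_start:data_start + csize]
        if method == 0:          # stored
            data = raw
        elif method == 8:        # raw deflate
            data = zlib.decompress(raw, -15)
        else:
            raise ValueError(f"unsupported compression method {method}")
        seen[name] = hashlib.sha256(data).hexdigest()
        pos = data_start + csize
    return seen


def central_directory_view(blob):
    """Locate the EOCD record from the end and read the Central Directory,
    like JarFile/URLClassLoader.  zipfile applies the same adjustment for
    bytes preceding the archive, so a prefixed (polyglot) blob reads cleanly."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist()}


def views_agree(blob):
    """Hardening check: refuse any archive whose two views differ."""
    return stream_view(blob) == central_directory_view(blob)


# Constructed archives: a "signed" plugin and an attacker's replacement class.
GENUINE = build_archive({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/Plugin.class": b"\xca\xfe\xba\xbe genuine bytecode",
})
MALICIOUS = build_archive({
    "com/example/Plugin.class": b"\xca\xfe\xba\xbe malicious bytecode",
})
POLYGLOT = GENUINE + MALICIOUS

if __name__ == "__main__":
    print("stream view (JarInputStream) :", sorted(stream_view(POLYGLOT)))
    print("CD view (JarFile/ClassLoader):", sorted(central_directory_view(POLYGLOT)))
    print("views agree?                 :", views_agree(POLYGLOT))
```

The sequential view reports the manifest and the genuine class; the Central Directory view reports only the attacker's class, with a different digest under the same name. `views_agree` is the generic fix: verify and load through the same parse, or refuse any archive whose sequential and Central Directory views disagree (equivalently, whose Central Directory offsets imply bytes before the archive or after the first End-of-Central-Directory record).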
Action items
- Verify that SzafirHost is at 1.2.1 or later on every endpoint that produces Polish qualified electronic signatures, and review your exposure if your environment accepts eIDAS-cross-recognised signatures from KIR Szafir signers (public procurement, court e-filing counterparties, healthcare partners). The pre-patch zip-polyglot JAR bypass means SzafirHost endpoints exposed to a compromised download path could have produced silently fraudulent signatures during the disclosure window. Until endpoints are confirmed patched, the integrity of the plugin download channel (TLS, no interceptable DNS, trusted mirrors) is the only remaining control. Reference: § 1 SzafirHost item.