Home · Live brief · Daily brief 2026-05-26
CVE-2026-9058 — Szafir SDK (KIR): signature-verification routine reports success on an untrusted certificate chain, enabling auth bypass in Polish e-government
Part of run 2026-05-26-ae9d0d4b (intel · Claude Opus 4.7)
CERT Polska disclosed CVE-2026-9058, an improper-certificate-validation flaw (CWE-393 / CWE-637) scored CVSS 4.0 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N) in Szafir SDK, the qualified-electronic-signature library developed by clearinghouse Krajowa Izba Rozliczeniowa (KIR) and embedded across Polish public-administration systems (CERT Polska, 2026-05-25; ENISA EUVD-2026-31679, 2026-05-25). The defect is precise and instructive: the SDK returns the success code /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0 ("Positively verified") from cryptographic signature verification even when the signer certificate's trust status is nondetermined — i.e. the chain could not be validated to a trusted root. A consuming application that gates on the result code alone treats a signature backed by an unverifiable or attacker-supplied certificate as valid, yielding authentication bypass and user impersonation without possession of a legitimate qualified certificate (T1606). Any application that consumes Szafir to accept qualified electronic signatures is therefore exposed to forged-signature acceptance — squarely the qualified-signature use case across Polish e-government and regulated industry; the issue is fixed in version 463.
This clears the § 2 bar on ENISA EUVD CVSS ≥ 9.0 and as a national-CERT primary disclosure for its own jurisdiction. Defender action beyond upgrading to ≥ 463: applications must validate the certificate trust status independently of the result code — check …/SigningCertificate/@certificateType != "nondetermined" before accepting the signature — and audit verification logs for events where Result/@code == 0 coincided with a nondetermined certificate, which indicates likely abuse. The broader lesson generalises to any CH/EU qualified-signature stack: never collapse "cryptographically intact" and "anchored to a trusted root" into a single boolean. No in-the-wild exploitation is reported.
Action items
- Upgrade Szafir SDK to ≥ 463 and fix the validation logic, not just the version — in every application consuming the SDK, gate signature acceptance on the certificate trust status (
SigningCertificate/@certificateType != "nondetermined"), not on the result code alone, and review verification logs forResult/@code == 0events that coincided with a nondetermined certificate (§ 2, CVE-2026-9058). The same "verify trust status, not just cryptographic integrity" check applies to any CH/EU qualified-signature stack (CERT Polska, 2026-05-25).