CVE-2026-44088

Published: Mag 15, 2026 Last Modified: Mag 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: active

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded.

This issue was fixed in version 1.2.1.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0034

Percentile

0,6th

Updated

EPSS Score Trend (Last 6 Days)

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, PHP, Not Language-Specific

Technologies: Web Server, AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://cert.pl/posts/2026/05/CVE-2026-44088

https://www.elektronicznypodpis.pl/

CVE-2026-44088

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 6 Days)

Unrestricted Upload of File with Dangerous Type

Common Consequences

Applicable Platforms

Iscriviti alla newsletter