Critical RCE Vulnerability Discovered in SzafirHost Software

First seen 29 Jun 2026, 22:43 UTC. Sources: Mallory.Ai, cvefeed.io, cert.pl

CERT Polska disclosed CVE-2026-13165, a high-severity remote code execution flaw in Krajowa Izba Rozliczeniowa's SzafirHost software, affecting all versions prior to 1.2.2. The vulnerability stems from inconsistent parsing of signed native library archives, allowing attackers to insert malicious DLL, SO, or DYLIB entries that bypass signature checks. This flaw enables remote code execution when the rogue library is executed from the native temporary directory. The issue was reported by Mariusz Maik and has been fixed in version 1.2.2, released on June 1, 2026. The CVSS score for this vulnerability is 8.6, indicating a significant risk to affected systems. Organizations using SzafirHost are urged to update to the latest version to mitigate this threat.

Key Points:
• CVE-2026-13165 is a high-severity RCE vulnerability in SzafirHost software.
• Attackers can exploit the flaw by inserting malicious libraries that bypass signature checks.
• The vulnerability affects all versions prior to 1.2.2 and has been fixed in the latest release.

Timeline

2026-06-01: Vulnerability reported to CERT Polska
CERT Polska received a report about a remote code execution flaw in SzafirHost software, leading to coordinated disclosure.
Source: cert.pl

2026-06-01: Patch released for SzafirHost
Krajowa Izba Rozliczeniowa released version 1.2.2 of SzafirHost to address CVE-2026-13165, fixing the RCE vulnerability.
Source: cert.pl

2026-06-29: CVE-2026-13165 published
CERT Polska disclosed CVE-2026-13165, detailing the remote code execution vulnerability in SzafirHost.
Source: Mallory.Ai
