SzafirHost 1.2.1 RCE via JAR Sign Verify Mismatch: CVE-2026-44088 May 2026

SzafirHost 1.2.1 RCE via JAR Sign Verify Mismatch
CVE-2026-44088 Published on May 15, 2026

Remote Code Execution in SzafirHost
SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded. This issue was fixed in version 1.2.1.

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2026-44088 has been classified to as an Unrestricted File Upload vulnerability or weakness.

Affected Versions

Before 1.2.1 is affected.

SzafirHost 1.2.1 RCE via JAR Sign Verify MismatchCVE-2026-44088 Published on May 15, 2026

Weakness Type

What is an Unrestricted File Upload Vulnerability?

Affected Versions

SzafirHost 1.2.1 RCE via JAR Sign Verify Mismatch
CVE-2026-44088 Published on May 15, 2026