CVE-2026-9058
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
25/05/2026
Última modificación:
26/05/2026
Descripción
*** Pendiente de traducción *** Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer&#39;s certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation.<br />
<br />
This issue was fixed in version 463.
Impacto
Puntuación base 4.0
9.30
Gravedad 4.0
CRÍTICA



