NVD Vulnerability Detail
CVE-2026-9058
Summary

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation.

This issue was fixed in version 463.
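
A consuming application that cannot yet move to the fixed version can refuse to rely on the result code alone. The following is an added example, not code from Szafir SDK or from this advisory. It assumes the verification report is available as non-namespaced XML shaped like the two paths quoted above; the function names, the sample reports and the `qualified` certificate type value are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def check_report(report_xml):
    """Return (trusted, reason). Fails closed on anything unexpected."""
    try:
        root = ET.fromstring(report_xml)
    except ET.ParseError:
        return False, "unparseable report"
    signatures = root.findall("Signature") if root.tag == "VerifyingTaskItem" else []
    if not signatures:
        return False, "no Signature element"
    for sig in signatures:
        result = sig.find("VerificationResult/Result")
        cert = sig.find("VerificationResult/SigningCertificate")
        # Result/@code == 0 is necessary but, on affected versions, not sufficient.
        if result is None or result.get("code", "").strip() != "0":
            return False, "result code is not 0"
        # A missing element or attribute is treated like "nondetermined".
        cert_type = "" if cert is None else cert.get("certificateType", "").strip()
        if cert_type.lower() in ("", "nondetermined"):
            return False, "certificate trust status not established"
    return True, "code 0 and certificate type determined"


def sample_report(code, cert_type):
    """Build a constructed report containing only the elements named in the advisory."""
    cert = "" if cert_type is None else f'<SigningCertificate certificateType="{cert_type}"/>'
    return ("<VerifyingTaskItem><Signature><VerificationResult>"
            f'<Result code="{code}"/>{cert}'
            "</VerificationResult></Signature></VerifyingTaskItem>")


# Constructed samples. "qualified" is a placeholder, not a value taken from the SDK.
CVE_CASE = sample_report(0, "nondetermined")   # the combination described in the summary
TRUSTED_CASE = sample_report(0, "qualified")
FAILED_CASE = sample_report(1, "qualified")
MISSING_CERT = sample_report(0, None)

if __name__ == "__main__":
    for name, xml in [("cve", CVE_CASE), ("trusted", TRUSTED_CASE),
                      ("failed", FAILED_CASE), ("missing-cert", MISSING_CERT)]:
        print(name, check_report(xml))
```

Every signature in the report must pass both checks, so a report that mixes one determined and one nondetermined signer is rejected.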

Publication Date May 25, 2026, 11:16 p.m.
Registration Date May 27, 2026, 4:07 a.m.
Last Update May 25, 2026, 11:16 p.m.