Threats Tagged 'cve-2026-13165'
View all threats tagged with 'cve-2026-13165'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-13165'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-13165: CWE-434 Unrestricted Upload of File with Dangerous Type in Krajowa Izba Rozliczeniowa SzafirHostCVE-2026-13165 0 SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from local file headers). An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as a local-file-header entry between the last legitimate entry and the Central Directory, without adding it to the Central Directory. The signature verifier never sees the injected entry and accepts the archive as validly signed; the extractor reads it sequentially and writes the attacker library to the native temp directory with no hash check), while the archive-size check still passes. This can lead to remote code execution. This issue was fixed in version 1.2.2. Join the discussion | CVE Database V5 | 06/29/2026, 12:16:55 UTC Added: 06/29/2026, 13:36:39 UTC |
Showing 1 to 1 of 1 result