Ctrl + K
/ news / CVE
CVEPublished 2026-04-02Modified 2026-04-270 articles on news5 live referencesNVD data

CVE-2026-26928

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
7
Exploit Prediction Scoring System · top 93% of all CVEs
Weaknesses (CWE)
CWE-354Improper Validation of Integrity Check Value
Description

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify hash or vendor's digital signature of uploaded DLL, SO, JNILIB or DYLIB file. The attacker can provide malicious file which will be saved in users /temp folder and executed by the application. This issue was fixed in version 1.1.0.

Timeline
Published 2026-04-02
Modified 2026-04-27

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-26928
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-26928
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-26928
Censys host search filtered to this CVE id.
grep.app
CVE-2026-26928
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-26928
GitHub code search for direct mentions.
Google dork
"CVE-2026-26928" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2026-26928 on GitHub.
We haven't classified any articles referencing CVE-2026-26928 yet. The external references above still apply.