CVE-2026-0809 | THREATINT

Description

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92.

PUBLISHED Reserved 2026-01-09 | Published 2026-03-12 | Updated 2026-03-12 | Assigner CERT-PL

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-261 Weak Encoding for Password

Product status

Default status

unaffected

12.2.363.17 (custom) before 20.0.380.92

affected

Credits

Kamil Dąbkowski finder

References

www.streamsoft.pl/streamsoft-prestiz/ product

cert.pl/posts/2026/03/CVE-2026-0809 third-party-advisory

cve.org (CVE-2026-0809)

nvd.nist.gov (CVE-2026-0809)

Download JSON