CVE-2026-0809

Summary

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded.

This issue was fixed in version 20.0.380.92.

Affected Software

VendorProductVersion RangeStatus
StreamsoftStreamsoft Prestiż12.2.363.17 < 20.0.380.92affected

Weaknesses

  • CWE-261: CWE-261 Weak Encoding for Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References