CVE-2026-0809 MEDIUM

CVE-2026-0809: Weak KSeF token encoding in Streamsoft Prestiż

Vendor Streamsoft
Product Streamsoft Prestiż
Weakness CWE-261
Published March 12, 2026
Last update March 12, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values are encoded. This issue was fixed in version 20.0.380.92.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
March 12, 2026 Record updated