CVE-2026-0809
Token Prediction Vulnerability in Streamsoft Prestiż KSeF Encoding
Publication date: 2026-03-12
Last updated on: 2026-03-12
Assigner: CERT.PL
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| streamsoft | prestiż | 20.0.380.92 |
| streamsoft | prestiż | From 12.2.363.17 (inc) to 20.0.380.91 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-261 | Obscuring a password with a trivial encoding does not protect the password. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Streamsoft Prestiż software involves the use of a custom, non-standard token encoding algorithm for the KSeF (Krajowy System e-Faktur) token.
Because of this weak encoding method, an attacker can analyze tokens with known values and then guess the value of other tokens, potentially compromising security.
This issue affects versions from 12.2.363.17 up to and including 20.0.380.91 and was fixed in version 20.0.380.92.
How can this vulnerability impact me?
This vulnerability allows an attacker to guess the value of sensitive tokens used in the software, which could lead to unauthorized access or manipulation of electronic invoice data within the KSeF system.
Such unauthorized access could compromise the integrity and confidentiality of financial data managed by the Streamsoft Prestiż software.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the use of a custom token encoding algorithm in Streamsoft Prestiż software that allows guessing the value of the KSeF token by analyzing tokens with known values.
Detection would require analyzing the tokens generated by the Streamsoft Prestiż software to see if they use the vulnerable encoding method.
Since the vulnerability is specific to versions from 12.2.363.17 up to and including 20.0.380.91, checking the software version installed on your system is a primary step.
No specific commands or network detection methods are provided in the available resources.
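As an added example, not from the advisory and not Streamsoft's own code, the version check recommended above, written so that the comparison is numeric rather than string-based (a plain string comparison misorders versions such as 2.x against 12.x); the affected range and fixed version come from the text of this page, and the host inventory is constructed.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]

# Boundaries as stated in this advisory's text (both ends inclusive).
FIRST_AFFECTED = "12.2.363.17"
LAST_AFFECTED = "20.0.380.91"
FIXED_VERSION = "20.0.380.92"


def parse_version(text: str) -> Version:
    """Turn a dotted Prestiż version into a 4-tuple of ints.

    Missing trailing components are treated as 0, so "20.0.380" becomes
    (20, 0, 380, 0). Non-numeric input raises instead of silently comparing.
    """
    parts = text.strip().split(".")
    if not parts or len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return (nums[0], nums[1], nums[2], nums[3])


def is_affected(installed: str) -> bool:
    """True when the installed version lies inside the advisory's affected range."""
    v = parse_version(installed)
    return parse_version(FIRST_AFFECTED) <= v <= parse_version(LAST_AFFECTED)


def hosts_needing_upgrade(inventory: Dict[str, str]) -> List[str]:
    """Given host -> installed version, return the hosts still on an affected build."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {
        "erp-01": "12.2.363.17",   # first affected build
        "erp-02": "20.0.380.91",   # last affected build
        "erp-03": FIXED_VERSION,   # patched
        "erp-04": "12.2.363.16",   # predates the affected range
    }
    for host in hosts_needing_upgrade(sample):
        print(f"{host}: {sample[host]} is affected; upgrade to {FIXED_VERSION} or later")
```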
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed in Streamsoft Prestiż version 20.0.380.92.
The immediate mitigation step is to upgrade the Streamsoft Prestiż software to version 20.0.380.92 or later.