CVE-2026-0809
Token Prediction Vulnerability in Streamsoft Prestiż KSeF Encoding

Publication date: 2026-03-12

Last updated on: 2026-03-12

Assigner: CERT.PL

Description
Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with known values are encoded. This issue was fixed in version 20.0.380.92.
Meta Information
Published: 2026-03-12
Last Modified: 2026-03-12
Generated: 2026-06-16
AI Q&A: 2026-03-12
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
streamsoft | prestiż | 20.0.380.92
streamsoft | prestiż | From 12.2.363.17 (inc) to 20.0.380.91 (inc)
CWE ID | Description
CWE-261 | Obscuring a password with a trivial encoding does not protect the password.
Executive Summary

The vulnerability in Streamsoft Prestiż software involves the use of a custom, non-standard token encoding algorithm for the KSeF (Krajowy System e-Faktur) token.

Because of this weak encoding method, an attacker can analyze tokens with known values and then guess the value of other tokens, potentially compromising security.

This issue affects versions from 12.2.363.17 up to and including 20.0.380.91 and was fixed in version 20.0.380.92.

Impact Analysis

This vulnerability allows an attacker to guess the value of sensitive tokens used in the software, which could lead to unauthorized access or manipulation of electronic invoice data within the KSeF system.

Such unauthorized access could compromise the integrity and confidentiality of financial data managed by the Streamsoft Prestiż software.

Detection Guidance

This vulnerability involves the use of a custom token encoding algorithm in Streamsoft Prestiż software that allows guessing the value of the KSeF token by analyzing tokens with known values.

Detection would require analyzing the tokens generated by the Streamsoft Prestiż software to see if they use the vulnerable encoding method.

Since the vulnerability is specific to versions from 12.2.363.17 up to and including 20.0.380.91, checking the software version installed on your system is a primary step.

No specific commands or network detection methods are provided in the available resources.

Mitigation Strategies

The vulnerability was fixed in Streamsoft Prestiż version 20.0.380.92.

The immediate mitigation step is to upgrade the Streamsoft Prestiż software to version 20.0.380.92 or later.
