A vulnerability described as critical has been identified in Krajowa Izba Rozliczeniowa SzafirHost up to 1.2.1 . This affects an unknown function of the component JarFile Parser . Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2026-13165 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.