CVE-2026-8931
Severity CVSS v4.0:
CRITICAL
Type:
CWE-94
Code Injection
Publication date:
01/06/2026
Last modified:
01/06/2026
Description
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
Impact
Base Score 4.0
9.40
Severity 4.0
CRITICAL
References to Advisories, Solutions, and Tools
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.en.txt
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.sk.txt
- https://qesportal.sk/Portal/en/Info/News#websigner255
- https://qesportal.sk/Portal/sk/Info/News#websigner255
- https://www.disig.sk/en/news/important-update-of-the-web-signer-application/
- https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-aplikacie-web-signer/



