CVE-2026-8931

EUVD-2026-33648
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://download.disigcdn.sk/cdn/products/websigner2/changelog.en.txt
https://download.disigcdn.sk/cdn/products/websigner2/changelog.sk.txt
https://qesportal.sk/Portal/en/Info/News#websigner255
https://qesportal.sk/Portal/sk/Info/News#websigner255
https://www.disig.sk/en/news/important-update-of-the-web-signer-application/
https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-aplikacie-web-signer/