Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.4
CVE-2026-8931: Disig Web Signer RCE allows attackers to run code on your server
CVE-2026-8931
Summary
Disig Web Signer, a digital signature tool, has a critical vulnerability that allows attackers to run their own code on your server. This could lead to unauthorized access, data theft, or disruption of your services. We recommend updating to a fixed version of Disig Web Signer as soon as possible.
Original title
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
Original description
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
nvd CVSS4.0
9.4
Vulnerability type
CWE-94
Code Injection
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.en.txt
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.sk.txt
- https://qesportal.sk/Portal/en/Info/News#websigner255
- https://qesportal.sk/Portal/sk/Info/News#websigner255
- https://www.disig.sk/en/news/important-update-of-the-web-signer-application/
- https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-aplikacie-web-signer/
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026