Home

Description

A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

PUBLISHED Reserved 2026-05-19 | Published 2026-06-01 | Updated 2026-06-01 | Assigner SK-CERT




CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Product status

Default status
unaffected

2.0.3 (custom)
affected

2.5.5
unaffected

Credits

Marek Alakša of Binary House finder

References

www.disig.sk/...ortant-update-of-the-web-signer-application/

www.disig.sk/.../dolezita-aktualizacia-aplikacie-web-signer/

download.disigcdn.sk/...products/websigner2/changelog.en.txt

download.disigcdn.sk/...products/websigner2/changelog.sk.txt

qesportal.sk/Portal/en/Info/News

qesportal.sk/Portal/sk/Info/News

cve.org (CVE-2026-8931)

nvd.nist.gov (CVE-2026-8931)

Download JSON