CVE-2026-8931
unknown
CVSS v3
โ
CVSS v4 NEW
9.4
VIR risk
โ
Description
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.en.txt
- https://download.disigcdn.sk/cdn/products/websigner2/changelog.sk.txt
- https://qesportal.sk/Portal/en/Info/News#websigner255
- https://qesportal.sk/Portal/sk/Info/News#websigner255
- https://www.disig.sk/en/news/important-update-of-the-web-signer-application/
- https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-aplikacie-web-signer/
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.