Remote Code Execution Vulnerability in Disig Web Signer by Disig
CVE-2026-8931

9.4CRITICAL

Key Information:

Vendor: Disig
Status: Web Signer
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-8931?

A significant vulnerability in Disig Web Signer allows unauthorized remote code execution on affected versions, posing serious risks to the integrity and security of web applications utilizing this signer. Users are strongly advised to update to the latest version to mitigate potential exploits. Enhanced security measures should be implemented to protect sensitive operations carried out by the application.

Affected Version(s)

Web Signer 2.0.3 <= 2.5.3

Web Signer 2.5.5

References

https://www.disig.sk/en/news/important-update-of-the-web-...

https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-a...

https://download.disigcdn.sk/cdn/products/websigner2/chan...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
May 19, 2026

Credit

Marek Alakša of Binary House

CVE-2026-8931 Data

JSON