RCE in Disig Web Signer

CVE-2026-8931

A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

Affected products

Disig Web Signer — versions 2.0.3, 2.5.5

Weakness classification (CWE)

CWE-94 — Code Injection

References