What is CVE-2026-8993?

CVE-2026-8993 is a medium-severity vulnerability in Ditec A.s. D.launcher 2, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.5/10. Published 2026-06-02.

How severe is CVE-2026-8993?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Information disclosure in Ditec A.s. D.launcher 2

CVE-2026-8993

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection…

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Ditec A.s. D.launcher 2 — versions 0

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
CWE-200 — Information Disclosure

References

incident@nbu.gov.sk
incident@nbu.gov.sk

Frequently asked questions

What is CVE-2026-8993?: CVE-2026-8993 is a medium-severity vulnerability in Ditec A.s. D.launcher 2, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.5/10. Published 2026-06-02.
How severe is CVE-2026-8993?: Medium severity. CVSS v3 base score is 6.5 out of 10.