CVE-2026-8931

CRITICALNVD 9.49.4—Trending — 3 sources updated this week

9.4

A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

CVSS v3: 9.4
EG Score: 9.4(medium)
EPSS: 66.9%
KEV: Not listed

Published

June 1, 2026

Last Modified

June 1, 2026

Advisory Details (6)

Auto-updated Jun 1, 2026

No patch confirmed yet.

generic

Dôležitá aktualizácia aplikácie Web Signer | DISIG

https://www.disig.sk/sk/aktuality/dolezita-aktualizacia-aplikacie-web-signer/

generic

Important update of the Web Signer application | DISIG

https://www.disig.sk/en/news/important-update-of-the-web-signer-application/

generic

QES Portál - Elektronický podpis bez hraníc

https://qesportal.sk/Portal/sk/Info/News#websigner255

generic

QES Portal - Electronic signature without borders

https://qesportal.sk/Portal/en/Info/News#websigner255

generic

https://download.disigcdn.sk/cdn/products/websigner2/changelog.sk.txt

generic

https://download.disigcdn.sk/cdn/products/websigner2/changelog.en.txt

Vendor Advisories for CVE-2026-8931(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

GHSA-vcv9-hx6w-934w
GitHub Security AdvisoriesCritical
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3...

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-94Improper Control of Generation of Code (Code Injection)

Data Freshness Timeline

(refreshed 87× in last 7d / 175× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

Showing the most recent 100 of 175 total refreshes for this CVE.

2026-06-15 12:16 UTCEG score recompute
2026-06-15 12:16 UTCGHSA enrichment
2026-06-15 08:06 UTCEG score recompute
2026-06-15 08:06 UTCGHSA enrichment
2026-06-15 03:59 UTCEG score recompute
2026-06-15 03:58 UTCGHSA enrichment
2026-06-14 23:51 UTCEG score recompute
2026-06-14 23:50 UTCGHSA enrichment
2026-06-14 23:18 UTCEPSS rescore
2026-06-14 19:42 UTCEG score recompute
2026-06-14 19:42 UTCGHSA enrichment
2026-06-14 15:35 UTCEG score recompute
2026-06-14 15:35 UTCGHSA enrichment
2026-06-14 11:27 UTCEG score recompute
2026-06-14 11:27 UTCGHSA enrichment
2026-06-14 07:19 UTCEG score recompute
2026-06-14 07:19 UTCGHSA enrichment
2026-06-14 03:11 UTCEG score recompute
2026-06-14 03:11 UTCGHSA enrichment
2026-06-13 23:03 UTCEG score recompute
2026-06-13 23:03 UTCGHSA enrichment
2026-06-13 23:00 UTCEPSS rescore
2026-06-13 18:55 UTCEG score recompute
2026-06-13 18:55 UTCGHSA enrichment
2026-06-13 13:58 UTCEG score recompute

Show 75 more

2026-06-13 13:58 UTCGHSA enrichment
2026-06-13 09:50 UTCEG score recompute
2026-06-13 09:50 UTCGHSA enrichment
2026-06-13 05:41 UTCEG score recompute
2026-06-13 05:41 UTCGHSA enrichment
2026-06-13 01:34 UTCEG score recompute
2026-06-13 01:34 UTCGHSA enrichment
2026-06-12 23:12 UTCEPSS rescore
2026-06-12 23:12 UTCEPSS rescore
2026-06-12 21:26 UTCEG score recompute
2026-06-12 21:25 UTCGHSA enrichment
2026-06-12 17:17 UTCEG score recompute
2026-06-12 17:17 UTCGHSA enrichment
2026-06-12 13:08 UTCEG score recompute
2026-06-12 13:08 UTCGHSA enrichment
2026-06-12 09:00 UTCEG score recompute
2026-06-12 09:00 UTCGHSA enrichment
2026-06-12 04:52 UTCEG score recompute
2026-06-12 04:52 UTCGHSA enrichment
2026-06-12 00:45 UTCEG score recompute
2026-06-12 00:45 UTCGHSA enrichment
2026-06-11 20:37 UTCEG score recompute
2026-06-11 20:37 UTCGHSA enrichment
2026-06-11 16:30 UTCEG score recompute
2026-06-11 16:30 UTCGHSA enrichment
2026-06-11 14:00 UTCEPSS rescore
2026-06-11 12:22 UTCEG score recompute
2026-06-11 12:22 UTCGHSA enrichment
2026-06-11 08:14 UTCEG score recompute
2026-06-11 08:14 UTCGHSA enrichment
2026-06-11 04:06 UTCEG score recompute
2026-06-11 04:06 UTCGHSA enrichment
2026-06-10 23:58 UTCEG score recompute
2026-06-10 23:58 UTCGHSA enrichment
2026-06-10 22:19 UTCEPSS rescore
2026-06-10 19:50 UTCEG score recompute
2026-06-10 19:50 UTCGHSA enrichment
2026-06-10 15:43 UTCEG score recompute
2026-06-10 15:43 UTCGHSA enrichment
2026-06-10 13:22 UTCEPSS rescore
2026-06-10 11:35 UTCEG score recompute
2026-06-10 11:35 UTCGHSA enrichment
2026-06-10 07:28 UTCEG score recompute
2026-06-10 07:28 UTCGHSA enrichment
2026-06-10 03:19 UTCEG score recompute
2026-06-10 03:19 UTCGHSA enrichment
2026-06-09 23:11 UTCEG score recompute
2026-06-09 23:11 UTCGHSA enrichment
2026-06-09 19:03 UTCEG score recompute
2026-06-09 19:03 UTCGHSA enrichment
2026-06-09 14:56 UTCEG score recompute
2026-06-09 14:56 UTCGHSA enrichment
2026-06-09 10:48 UTCEG score recompute
2026-06-09 10:48 UTCGHSA enrichment
2026-06-09 06:41 UTCEG score recompute
2026-06-09 06:41 UTCGHSA enrichment
2026-06-09 02:33 UTCEG score recompute
2026-06-09 02:33 UTCGHSA enrichment
2026-06-08 22:25 UTCEG score recompute
2026-06-08 22:25 UTCGHSA enrichment
2026-06-08 18:17 UTCEG score recompute
2026-06-08 18:17 UTCGHSA enrichment
2026-06-08 14:17 UTCEPSS rescore
2026-06-08 12:20 UTCEG score recompute
2026-06-08 12:20 UTCGHSA enrichment
2026-06-08 08:12 UTCEG score recompute
2026-06-08 08:12 UTCGHSA enrichment
2026-06-08 04:05 UTCEG score recompute
2026-06-08 04:05 UTCGHSA enrichment
2026-06-07 23:57 UTCEG score recompute
2026-06-07 23:57 UTCGHSA enrichment
2026-06-07 19:50 UTCEG score recompute
2026-06-07 19:50 UTCGHSA enrichment
2026-06-07 15:42 UTCEG score recompute
2026-06-07 15:42 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-8931?

CVE-2026-8931 is a critical vulnerability published on June 1, 2026. A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

When was CVE-2026-8931 disclosed?

CVE-2026-8931 was first published in the National Vulnerability Database on June 1, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-8931 actively exploited?

CVE-2026-8931 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 66.9% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2026-8931?

CVE-2026-8931 has a CVSS v3 base score of 9.4 (NVD).

How do I remediate CVE-2026-8931?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-8931, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-8931

Explore →

Is Your Infrastructure Affected by CVE-2026-8931?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-8931

📅 Published

🔄 Last Modified

📋 Advisory Details (6)

Dôležitá aktualizácia aplikácie Web Signer | DISIG

Important update of the Web Signer application | DISIG

QES Portál - Elektronický podpis bez hraníc

QES Portal - Electronic signature without borders

📣 Vendor Advisories for CVE-2026-8931(1)

Weakness Classification(1)

Data Freshness Timeline

❓ Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2026-8931?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (6)

Vendor Advisories for CVE-2026-8931(1)

Frequently asked(5)

Related CVEs(same CWE)