Archive of SignServer Security Issues
Keyfactor maintains the following historical list of SignServer security issues which have been fixed and submitted as CVEs (Common Vulnerabilities and Exposures).
For issues affecting supported versions of SignServer, the list includes the CVE identifier, a link to the full security advisory, and relevant release notes. CVEs affecting unsupported versions are also listed with links to release notes.
To learn more about our security posture, refer to the Keyfactor Trust Center.
2025
CVE-2025-47220
Local File Enumeration Issue - View SignServer Security Advisory
Resolved in product version: SignServer 7.3.2
CVE-2025-47221
Arbitrary File Write Issue - View SignServer Security Advisory
Resolved in product version: SignServer 7.3.2
CVE-2025-47222
Class Name Enumeration Issue - View SignServer Security Advisory
Resolved in product version: SignServer 7.3.2
CVE-2025-26787
Container Vulnerability - View SignServer Security Advisory
Resolved in product version: SignServer 7.2
Security issues in SignServer versions no longer supported
2022
CVE-2022-26494
XSS Vulnerability in the Admin Web Interface - View SignServer Security Advisory
Resolved in product version: SignServer 5.9.1