CVE-2026-4947

HIGH 7.1

Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

8th

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

CWE	CWE-284
Vendor	foxit software inc.
Product	na1.foxitesign.foxit.com
Published	Apr 1, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for foxit software inc. na1.foxitesign.foxit.com

Be the first to know when new high vulnerabilities affecting foxit software inc. na1.foxitesign.foxit.com are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

Foxit Software Inc. / na1.foxitesign.foxit.com

before 2026-03-26

References

NVD ↗ CVE.org ↗ EPSS Data ↗

foxit.com: https://www.foxit.com/support/security-bulletins.html

Credits

Vedant Roy of Ultimate Kronos Group(UKG)