CVE-2026-4947
Received Received - Intake
IDOR Vulnerability in Signing Invitation Allows Forged Signatures

Publication date: 2026-04-01

Last updated on: 2026-04-27

Assigner: Foxit

Description
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4947
EUVD
EUVD-2026-17767
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
foxit esign to 2026-03-26 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an insecure direct object reference (IDOR) issue in the signing invitation acceptance process. It occurs when an attacker manipulates user-supplied object identifiers to access or modify resources they are not authorized to. This can lead to forged signatures and compromise the integrity and authenticity of documents involved in the signing process. The root cause is insufficient authorization validation on referenced resources during request processing.

Impact Analysis

The vulnerability can allow attackers to access or modify unauthorized resources, potentially forging signatures on documents. This compromises the integrity and authenticity of documents, which could lead to unauthorized approvals, legal issues, or loss of trust in the signing process.

Compliance Impact

This vulnerability involves an insecure direct object reference (IDOR) that could allow unauthorized access or modification of resources, potentially leading to forged signatures and compromising document integrity and authenticity.

Such issues can impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over data access, integrity, and authenticity to protect personal and sensitive information.

By allowing unauthorized access or modification, this vulnerability could lead to violations of these regulations' requirements for data protection and auditability.

Mitigation Strategies

To mitigate this vulnerability, users should update their Foxit PDF Reader and Foxit PDF Editor applications to the latest versions.

Updates can be obtained through the application's built-in update feature or by downloading the latest versions from the Foxit website.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4947. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart