CVE-2026-4947 HIGH

CVE-2026-4947: Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

Vendor Foxit Software Inc.

Product na1.foxitesign.foxit.com

Weakness CWE-284

Published April 1, 2026

Last update April 2, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

Key dates

02Disclosure timeline

April 1, 2026 CVE published

April 2, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4947 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2026-4947

CWE CWE-284

CVSS 7.1 / HIGH

Affected versions