Platform
windows
Component
foxit-esign
Fixed in
2026.0.1
CVE-2026-4947 describes an insecure direct object reference (IDOR) vulnerability affecting Foxit eSign. This flaw could enable attackers to access or modify unauthorized resources by manipulating object identifiers, potentially forging signatures and compromising document integrity. The vulnerability affects Foxit eSign versions released before 2026-03-26. A fix was released on 2026-03-26.
CVE-2026-4947 exposes an Insecure Direct Object Reference (IDOR) vulnerability in the signing invitation acceptance process of Foxit eSign. Under certain conditions, an attacker could access or modify unauthorized resources by manipulating user-supplied object identifiers. This could lead to forged signatures and compromise the integrity and authenticity of documents undergoing the signing process. The vulnerability is rated as 7.1 on the CVSS scale, indicating a moderately high risk. It specifically affects na1.foxitesign.foxit.com and was patched on March 26, 2026. The root cause is insufficient authorization validation on referenced resources.
Exploitation of this IDOR vulnerability requires an attacker to have knowledge of the internal object identifiers used in the signing invitation acceptance process. This could be achieved through network request observation or application reverse engineering. Once a valid object identifier is known, the attacker could manipulate it to access resources they are not authorized to access, such as signing documents belonging to other users. The lack of robust authorization validation enables this type of manipulation. The success of exploitation depends on the attacker's ability to bypass existing access controls and gain unauthorized access to signing resources.
Exploit Status
EPSS
0.03% (9th percentile)
To mitigate the risk associated with CVE-2026-4947, it is highly recommended to update to the latest version of Foxit eSign, which includes the security fix. This update addresses the insufficient authorization validation that allowed object identifier manipulation. Additionally, review and strengthen access control policies to ensure that only authorized users can access signing resources. Monitoring audit logs for suspicious activity related to signing invitation acceptance is also a recommended practice. The patch was released on March 26, 2026, so applying the update as soon as possible is crucial to protect against potential attacks.
Update to the Foxit eSign version dated 2026-03-26 or later. This version fixes the IDOR vulnerability that could allow signature forgery. Consult Foxit's security bulletin for further details and update instructions.
An IDOR (Insecure Direct Object Reference) vulnerability occurs when an application uses internal object identifiers (like database IDs) in URLs or requests without proper validation, allowing attackers to access unauthorized resources.
This vulnerability could allow an attacker to forge signatures or access documents they are not authorized to view, compromising the integrity and confidentiality of data.
Update to the latest version of Foxit eSign as soon as possible to apply the security fix. Review your access control policies and monitor audit logs.
Monitor your audit logs for unauthorized access to signing documents or suspicious activity related to signing invitation acceptance.
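The following is an added example, not Foxit code and not taken from this advisory or from Foxit's security bulletin. It shows the generic defect class the page describes (an invitation identifier from the request trusted without checking that the referenced resource belongs to the caller), the hardened form that validates authorization on the referenced resource, and a small scan over constructed audit-log lines of the kind the monitoring advice above refers to. Every name here (SigningInvitation, accept_invitation_vulnerable, accept_invitation_fixed, the audit line format, the sample log) is hypothetical; nothing on the page states how Foxit eSign implements invitation acceptance.

```python
"""Added illustration of the IDOR pattern behind CVE-2026-4947 (hypothetical
code; Foxit eSign's real implementation is not described on the page)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class SigningInvitation:
    invitation_id: str
    document_id: str
    invited_email: str            # the only account that may accept this invitation
    accepted_by: Optional[str] = None


@dataclass
class AuditLog:
    entries: List[str] = field(default_factory=list)

    def record(self, event: str, actor: str, invitation_id: str, outcome: str) -> None:
        # Constructed key=value line format; real products use their own schema.
        self.entries.append(
            f"event={event} actor={actor} invitation={invitation_id} outcome={outcome}")


class InsufficientAuthorization(Exception):
    pass


def accept_invitation_vulnerable(store: Dict[str, SigningInvitation], invitation_id: str,
                                 actor_email: str, log: AuditLog) -> SigningInvitation:
    """The defect class: the identifier supplied by the client is looked up and
    acted on with no check that the invitation was issued to the caller, so any
    authenticated user holding a valid identifier signs in the recipient's place."""
    inv = store[invitation_id]
    inv.accepted_by = actor_email
    log.record("invitation.accept", actor_email, invitation_id, "success")
    return inv


def accept_invitation_fixed(store: Dict[str, SigningInvitation], invitation_id: str,
                            actor_email: str, log: AuditLog) -> SigningInvitation:
    """Same operation with authorization validated on the referenced resource:
    the invitation must have been issued to the authenticated actor."""
    inv = store.get(invitation_id)
    # Unknown and forbidden identifiers get the same outcome so the response
    # does not reveal which identifiers exist.
    if inv is None or inv.invited_email.lower() != actor_email.lower():
        log.record("invitation.accept", actor_email, invitation_id, "denied")
        raise InsufficientAuthorization("not authorized for this invitation")
    if inv.accepted_by is not None:
        log.record("invitation.accept", actor_email, invitation_id, "already-accepted")
        raise InsufficientAuthorization("invitation already accepted")
    inv.accepted_by = actor_email
    log.record("invitation.accept", actor_email, invitation_id, "success")
    return inv


def find_denied_acceptances(entries: List[str], threshold: int = 3) -> Dict[str, int]:
    """Audit-log check: actors with repeated denied invitation acceptances, a
    signal worth reviewing for identifier manipulation. Returns actor -> count."""
    counts: Dict[str, int] = {}
    for line in entries:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("event") == "invitation.accept" and fields.get("outcome") == "denied":
            counts[fields["actor"]] = counts.get(fields["actor"], 0) + 1
    return {actor: n for actor, n in counts.items() if n >= threshold}


def make_store() -> Dict[str, SigningInvitation]:
    # Constructed sample data: one invitation issued to alice.
    return {"inv-1001": SigningInvitation("inv-1001", "doc-7", "alice@example.com")}


def demo() -> dict:
    """Runs both handlers with a caller who is not the invited recipient."""
    log = AuditLog()
    vuln = accept_invitation_vulnerable(make_store(), "inv-1001", "mallory@example.com", log)
    fixed_store = make_store()
    try:
        accept_invitation_fixed(fixed_store, "inv-1001", "mallory@example.com", log)
        blocked = False
    except InsufficientAuthorization:
        blocked = True
    legit = accept_invitation_fixed(fixed_store, "inv-1001", "alice@example.com", log)
    return {"vulnerable_signed_by": vuln.accepted_by, "fixed_blocked": blocked,
            "fixed_signed_by": legit.accepted_by, "log": log.entries}


# Constructed audit lines for the detection helper.
SAMPLE_LOG = [
    "event=invitation.accept actor=mallory@example.com invitation=inv-1001 outcome=denied",
    "event=invitation.accept actor=mallory@example.com invitation=inv-1002 outcome=denied",
    "event=invitation.accept actor=mallory@example.com invitation=inv-1003 outcome=denied",
    "event=invitation.accept actor=alice@example.com invitation=inv-1001 outcome=success",
    "event=document.view actor=bob@example.com invitation=inv-1004 outcome=denied",
]

if __name__ == "__main__":
    print(demo())
    print(find_denied_acceptances(SAMPLE_LOG))
```

The fix is the ownership comparison on the looked-up object, not any change to the identifier format: making identifiers harder to guess reduces exposure but does not replace the authorization check, which is why the advisory names insufficient authorization validation as the root cause.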
You can find more information about CVE-2026-4947 on vulnerability databases such as the National Vulnerability Database (NVD) or in Foxit’s security advisories.