EUVD-2026-17767CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
3Description
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.
Analysis
Insecure direct object reference (IDOR) in Foxit eSign's invitation acceptance workflow allows authenticated users to manipulate object identifiers and forge document signatures. By exploiting insufficient authorization checks during signing invitation processing, attackers with low-level authentication can access unauthorized resources and inject fraudulent signatures into documents, undermining the integrity and legal validity of electronic signing processes. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: audit all Foxit eSign instances in your environment and document current versions; notify legal and compliance teams of signature integrity risks. Within 7 days: restrict Foxit eSign access to essential personnel only, implement application-level access controls to limit signing invitation modifications, and require multi-factor authentication for all eSign administrative accounts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today