Skip to main content

Foxit eSign EUVDEUVD-2026-17767

| CVE-2026-4947 HIGH
Improper Access Control (CWE-284)
2026-04-01 Foxit
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Updated
Apr 27, 2026 - 13:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 27, 2026 - 13:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 01, 2026 - 01:45 euvd
EUVD-2026-17767
Analysis Generated
Apr 01, 2026 - 01:45 vuln.today
CVE Published
Apr 01, 2026 - 01:40 nvd
HIGH 7.1

DescriptionCVE.org

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

AnalysisAI

Insecure direct object reference in Foxit eSign's signing invitation acceptance process allows authenticated attackers to forge document signatures by manipulating object identifiers. Attackers with low-level privileges can access high-sensitivity resources and modify signing workflows without proper authorization, potentially compromising document integrity and authenticity in electronic signature workflows. EPSS score of 0.03% (8th percentile) indicates low observed exploitation probability, with no public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

This vulnerability exploits an Insecure Direct Object Reference (IDOR) pattern classified under CWE-284 (Improper Access Control). IDOR occurs when applications expose direct references to internal implementation objects-such as database keys, file paths, or resource identifiers-without validating whether the requesting user is authorized to access the referenced resource. In Foxit eSign's case, the signing invitation acceptance workflow accepts user-supplied object identifiers (likely invitation tokens, document IDs, or signer identifiers) without sufficient server-side authorization checks. The affected product is Foxit eSign cloud service hosted at na1.foxitesign.foxit.com, a SaaS electronic signature platform. The authorization bypass occurs during request processing when the application validates object existence but fails to verify the authenticated user's ownership or permission to access that specific resource.

RemediationAI

Foxit released a fix deployed to the na1.foxitesign.foxit.com cloud service on 2026-03-26. As a SaaS platform, no customer action is required for patching-the fix is automatically applied server-side. Organizations should verify their eSign instance was updated by confirming the service build date or contacting Foxit support. Review audit logs from before 2026-03-26 for suspicious signing invitation acceptance patterns, specifically looking for users accepting invitations not originally sent to them or accessing documents outside their authorization scope. Implement compensating controls: enable multi-factor authentication for all eSign users to reduce account compromise risk (the primary attack prerequisite), configure signing workflows to require additional verification steps for high-value documents, and establish monitoring for anomalous signature activity patterns such as rapid acceptance of multiple invitations by single accounts. Note that MFA reduces but does not eliminate risk since the vulnerability affects authenticated sessions. For critical documents signed before the patch date, consider verification procedures to confirm signature authenticity. Detailed security bulletin available at https://www.foxit.com/support/security-bulletins.html.

Share

EUVD-2026-17767 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy