Insecure Direct Object Reference Vulnerability in Foxit Sign Products
CVE-2026-4947

7.1HIGH

Key Information:

Vendor: Foxit Inc.
Status: Na1.foxitesign.foxit.com
Vendor: CVE Published:; 1 April 2026

What is CVE-2026-4947?

This vulnerability pertains to a scenario within Foxit Sign's signing invitation acceptance process where the lack of sufficient authorization checks can lead to potential unauthorized access or alteration of documents. Attackers may exploit this weakness by manipulating user-supplied identifiers, which can result in the ability to forge signatures, thereby undermining the authenticity and integrity of documents involved in the signing workflow. It is essential for users to be aware of these risks and ensure implementation of security measures to protect sensitive information.

Affected Version(s)

na1.foxitesign.foxit.com before 2026-03-26

References

https://www.foxit.com/support/security-bulletins.html

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-4947 Data

JSON

Foxit Inc.

What is CVE-2026-4947?

Affected Version(s)

References

CVSS V3.1

Timeline