7.1
CVE-2026-4947
- EPSS 0.04%
- Published 01.04.2026 01:40:26
- Last modified 27.04.2026 13:14:44
- Source 14984358-7092-470d-8f34-ade47a
Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.113 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 14984358-7092-470d-8f34-ade47a7658a2 | 7.1 | 2.8 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.