Signing Invitation Acceptance Vulnerability: Unauthorized Access to Documents

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Signing Invitation Acceptance Vulnerability: Unauthorized Access to Documents

CVE-2026-4947

Summary

A flaw in the way signatures are accepted could have allowed attackers to access or modify documents they shouldn't have. This could have led to fake signatures and compromised trust in the signing process. To prevent this, the affected software has been updated to better check who has access to each document.

Original title

Original description

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

nvd CVSS3.1 7.1

Vulnerability type

CWE-284 Improper Access Control

https://www.foxit.com/support/security-bulletins.html

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026