Cyber Resilience

CVE-2026-4947

Severity: High
Published: 01 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: see vendor security bulletin
CVSS v3.1 base score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
EPSS score: 0.0004 (14.1st percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-4947 is a high-severity Improper Access Control (CWE-284) vulnerability in Foxit eSign, specifically an insecure direct object reference (IDOR) in the signing invitation acceptance process. CWE-284 is the broad class; the IDOR pattern itself is catalogued more precisely as CWE-639 (Authorization Bypass Through User-Controlled Key), which sits beneath it. The CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The EPSS model ranks it at the 14.1st percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-4947 is an insecure direct object reference (IDOR), classified under CWE-284, in the signing invitation acceptance process of Foxit eSign. The server resolves an object identifier supplied in the request (the invitation being accepted) without verifying that the authenticated caller is authorized for that object, so a caller can substitute another user's identifier and have the request processed against that user's resource. The CVSS v3.1 base score is 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N): high confidentiality impact, low integrity impact, no availability impact.

The attacker needs only a low-privileged account on the service; the request is network-reachable, low in complexity, and requires no interaction from the victim. Because the object accepted without an ownership check is a signing invitation, the consequence is not just disclosure of another user's signing data but the ability to accept an invitation that was never issued to the attacker, potentially producing a signature the intended signer never gave and undermining the integrity and authenticity of the documents in that signing flow.
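The acceptance handler that the description above implies, as an added example written for this page and not Foxit eSign's code: the vulnerable shape beside the hardened one. The data model, the account names, and the assumption that accepting an invitation records the caller as its signer are constructed for the illustration.

```python
"""Signing-invitation acceptance: an IDOR-shaped handler beside its hardened form.

Constructed illustration, not Foxit eSign code. The data model, account names
and the idea that acceptance binds the caller's signature to the invitation
are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Invitation:
    id: int
    document_id: int
    invitee: str                    # account the invitation was issued to
    status: str = "pending"         # pending | accepted
    signed_by: Optional[str] = None


class NotFound(Exception):
    pass


class Conflict(Exception):
    pass


def make_store() -> Dict[int, Invitation]:
    """Constructed in-memory store: two pending invitations for different users."""
    return {
        101: Invitation(101, document_id=9001, invitee="alice@example.com"),
        102: Invitation(102, document_id=9002, invitee="bob@example.com"),
    }


def accept_invitation_vulnerable(store: Dict[int, Invitation],
                                 current_user: str, invitation_id: int) -> Invitation:
    """Authenticated but not authorized: the invitation is resolved purely from
    the caller-supplied id, and nothing checks that current_user is the invitee.
    Any logged-in account can therefore accept, and sign for, any invitation
    whose id it can guess or observe."""
    inv = store.get(invitation_id)
    if inv is None:
        raise NotFound(invitation_id)
    inv.status = "accepted"
    inv.signed_by = current_user      # signature recorded under the wrong party
    return inv


def accept_invitation_fixed(store: Dict[int, Invitation],
                            current_user: str, invitation_id: int) -> Invitation:
    """Authorization is evaluated against the referenced object itself, not
    just against the caller's session."""
    inv = store.get(invitation_id)
    # Treat "not yours" exactly like "does not exist" so the response does not
    # reveal which identifiers are valid and cannot be used to enumerate them.
    if inv is None or inv.invitee != current_user:
        raise NotFound(invitation_id)
    # State check: an invitation is accepted once, by its invitee.
    if inv.status != "pending":
        raise Conflict(f"invitation {invitation_id} already {inv.status}")
    inv.status = "accepted"
    inv.signed_by = current_user
    return inv


def demo() -> Dict[str, object]:
    """Mallory, an ordinary authenticated user, submits Alice's invitation id."""
    vuln = make_store()
    forged = accept_invitation_vulnerable(vuln, "mallory@example.com", 101)

    fixed = make_store()
    try:
        accept_invitation_fixed(fixed, "mallory@example.com", 101)
        blocked = False
    except NotFound:
        blocked = True
    legit = accept_invitation_fixed(fixed, "alice@example.com", 101)

    return {
        "forged_signer": forged.signed_by,   # mallory, recorded on Alice's document
        "fixed_blocked": blocked,            # True: hardened handler refuses
        "legit_signer": legit.signed_by,     # alice, the actual invitee
        "untouched": fixed[102].status,      # Bob's invitation still pending
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler makes two decisions the vulnerable one skips: it binds the object to the principal (invitee must equal the session user) and it binds the action to the object's state (only a pending invitation can be accepted). Returning the same not-found result for "missing" and "not yours" also denies an attacker a cheap oracle for probing the identifier space.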

Mitigation details and patches are documented in Foxit's security bulletins, available at https://www.foxit.com/support/security-bulletins.html.

Vulnerability details

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

CWE(s)

CWE-284 Improper Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The flaw is an authorization bypass reachable over the network with an ordinary account. Where the eSign tenant is reachable from the Internet, a request that manipulates the invitation identifier is exploitation of a public-facing application (T1190). T1068 applies in a looser sense: the attacker does not gain a higher role, but by accepting or reading an invitation issued to another user they act with that user's authority in the signing process, an effective escalation across accounts rather than a vertical one. The T1190 mapping is therefore the firmer of the two, consistent with the medium confidence recorded below.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29315 (shared CWE-284)
CVE-2025-55261 (shared CWE-284)
CVE-2026-21636 (shared CWE-284)
CVE-2025-57130 (shared CWE-284)
CVE-2024-53348 (shared CWE-284)
CVE-2025-20229 (shared CWE-284)
CVE-2026-24300 (shared CWE-284)
CVE-2026-20750 (shared CWE-284)
CVE-2025-2280 (shared CWE-284)
CVE-2025-70064 (shared CWE-284)

Affected Assets

Vendor: foxit
Product: esign
Affected versions: ≤ 2026-03-26 (date-based release identifier)

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to information and system resources, which directly addresses the missing authorization check on user-supplied object identifiers during request processing.

AC-25 Reference Monitor (prevent): Implements a reference monitor that mediates every subject-object access according to policy, so a manipulated identifier cannot reach a resource the caller is not authorized for.

AC-6 Least Privilege (prevent): Confines low-privilege authenticated users to the resources and actions their role requires, limiting what an account can read or modify in the signing process even where an authorization check is bypassed.
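The three controls above describe one architectural idea: a single mediator that every access to a signing object passes through, deciding from policy and denying by default. What follows is an added illustration of that pattern for this page, not Foxit eSign's design; the resource types, actions, roles and the policy table are assumptions. It differs from a fix placed inside one handler in that no handler can reach an object without being mediated, and every decision is recorded for audit.

```python
"""One enforcement point that mediates every access to a signing object.

Constructed illustration of the AC-3 / AC-25 / AC-6 pattern, not Foxit eSign's
design. Resource types, actions, roles and the policy table are assumptions
made for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Principal:
    user: str
    roles: frozenset  # e.g. frozenset({"signer"}) or frozenset({"support"})


@dataclass
class Invitation:
    id: int
    invitee: str      # account that may accept (sign)
    owner: str        # account that created the signing request
    status: str = "pending"


# Policy table: (resource type, action) -> predicate over (principal, resource).
# A pair with no entry is denied. The rules are deliberately narrow: support
# staff may read an invitation for troubleshooting but can never accept one,
# which keeps signing authority with the invitee alone (least privilege).
Rule = Callable[[Principal, Invitation], bool]
POLICY: Dict[Tuple[str, str], Rule] = {
    ("invitation", "read"):   lambda p, r: p.user in (r.invitee, r.owner) or "support" in p.roles,
    ("invitation", "accept"): lambda p, r: p.user == r.invitee and r.status == "pending",
    ("invitation", "revoke"): lambda p, r: p.user == r.owner and r.status == "pending",
}


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """Application code never touches the store directly; every subject-object
    access goes through access(), which decides from the policy and records the
    decision. Deny-by-default plus a single path is what distinguishes this from
    a check that each handler may or may not remember to perform."""

    def __init__(self, policy: Dict[Tuple[str, str], Rule], store: Dict[int, Invitation]):
        self._policy = policy
        self._store = store
        self.audit: List[Tuple[str, str, int, bool]] = []   # (user, action, id, allowed)

    def access(self, principal: Principal, action: str,
               resource_type: str, resource_id: int) -> Invitation:
        resource = self._store.get(resource_id)
        rule = self._policy.get((resource_type, action))
        allowed = resource is not None and rule is not None and rule(principal, resource)
        self.audit.append((principal.user, action, resource_id, allowed))
        if not allowed:
            # Same failure for "no such object" and "not permitted": no oracle.
            raise AccessDenied(f"{principal.user}: {action} {resource_type}/{resource_id}")
        return resource


def accept_invitation(rm: ReferenceMonitor, p: Principal, invitation_id: int) -> Invitation:
    """A handler: it cannot reach the invitation except through the monitor."""
    inv = rm.access(p, "accept", "invitation", invitation_id)
    inv.status = "accepted"
    return inv


def attempt(fn: Callable[[], object]) -> bool:
    """True if the mediated action was allowed, False if the monitor denied it."""
    try:
        fn()
        return True
    except AccessDenied:
        return False


def demo() -> Dict[str, bool]:
    store = {101: Invitation(101, invitee="alice@example.com", owner="carol@example.com")}
    rm = ReferenceMonitor(POLICY, store)
    mallory = Principal("mallory@example.com", frozenset({"signer"}))
    support = Principal("sam@example.com", frozenset({"support"}))
    alice = Principal("alice@example.com", frozenset({"signer"}))
    return {
        # the IDOR-shaped request: a valid account presenting someone else's id
        "mallory_accept": attempt(lambda: accept_invitation(rm, mallory, 101)),
        "mallory_read": attempt(lambda: rm.access(mallory, "read", "invitation", 101)),
        "support_read": attempt(lambda: rm.access(support, "read", "invitation", 101)),
        "support_accept": attempt(lambda: accept_invitation(rm, support, 101)),
        "unknown_action": attempt(lambda: rm.access(alice, "export", "invitation", 101)),
        "missing_object": attempt(lambda: rm.access(alice, "read", "invitation", 999)),
        "alice_accept": attempt(lambda: accept_invitation(rm, alice, 101)),
        "alice_accept_again": attempt(lambda: accept_invitation(rm, alice, 101)),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'allowed' if allowed else 'denied'}")
```

Only the invitee's first acceptance and the support read are allowed; the attacker's request, the elevated role's attempt to sign, an action the policy does not know, a missing object and a repeat acceptance are all denied by the same code path and all appear in the audit trail, which is where a detection engineer would look for one principal touching invitations that belong to others.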

References