CVE-2026-4947— Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

访问控制不恰当

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader和Foxit PDF Editor都是中国福昕（Foxit）公司的产品。Foxit PDF Reader是一款PDF阅读器。Foxit PDF Editor是一款PDF编辑器。 Foxit PDF Reader和Foxit PDF Editor存在安全漏洞，该漏洞源于签名邀请接受过程中存在潜在的不安全的直接对象引用，可能导致攻击者通过操作用户提供的对象标识符访问或修改未授权资源，从而造成签名伪造并损害文档完整性。

N/A

N/A