On January 26, DocuSign security and engineering teams received intelligence of the PwnKit vulnerability (CVE-2021-4034) and initiated investigations. DocuSign is performing necessary patching or mitigating as vulnerable configurations are identified.

As of January 31, 2021, DocuSign has observed no indicators of compromise in the environment, or to customers.

DocuSign continues to investigate and monitor the situation as it evolves with any new information.