PatchSiren cyber security CVE debrief
CVE-2026-3999 Pointsharp CVE debrief
CVE-2026-3999 is a HIGH severity vulnerability in Pointsharp Id Server. An authenticated user may perform horizontal privilege escalation due to broken access control. The vulnerability only impacts specific configurations. The CVSS score for this vulnerability is 8.8.
- Vendor: Pointsharp
- Product: Id Server
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-13
- Original CVE updated: 2026-06-08
- Advisory published: 2026-03-13
- Advisory updated: 2026-06-08
Who should care
Users of Pointsharp Id Server, especially those with specific configurations, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
A broken access control vulnerability in Pointsharp Id Server may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or mitigations as recommended by the vendor.
- Review and update configurations to ensure they are not impacted by the vulnerability.
- Monitor systems for suspicious activity.
Evidence notes
The vulnerability is described in CVE-2026-3999 and detailed in the NVD database. A vendor advisory is available at [ref-4](https://docs.pointsharp.com/psa/advisories/psa-2026-001.html).
Official resources
- CVE-2026-3999 CVE record: CVE.org
- CVE-2026-3999 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 - Vendor Advisory
CVE-2026-3999 was published on 2026-03-13T19:55:13.130Z and last modified on 2026-06-08T14:31:29.110Z.