Auth bypass in Pointsharp Id Server

CVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (5.4th percentile) — read the EPSS interpretation.

Affected products

Pointsharp Id Server — versions 0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

docs.pointsharp.com/psa/advisories/psa-2026-001.html (vendor-advisory)