{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3999", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2026-03-11T17:52:20.020Z", "datePublished": "2026-03-13T08:38:59.468Z", "dateUpdated": "2026-03-16T11:27:05.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-03-16T11:27:05.956Z"}, "title": "Broken access control vulnerability affecting ID Server", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key", "type": "CWE"}]}], "affected": [{"vendor": "Pointsharp", "product": "ID Server", "versions": [{"status": "affected", "version": "0", "lessThan": "9.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>\n<p>A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.</p>\n</div>"}]}], "references": [{"url": "https://docs.pointsharp.com/psa/advisories/psa-2026-001.html", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"}}], "credits": [{"lang": "en", "value": "Reema AlQahtani, Haboob Cybersecurity Services", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:04:52.787757Z", "id": "CVE-2026-3999", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:04:58.102Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-13T16:04:52.787757Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:04:54.947Z"}}], "cna": {"title": "Broken access control vulnerability affecting ID Server", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Reema AlQahtani, Haboob Cybersecurity Services"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pointsharp", "product": "ID Server", "versions": [{"status": "affected", "version": "0", "lessThan": "9.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.pointsharp.com/psa/advisories/psa-2026-001.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.", "supportingMedia": [{"type": "text/html", "value": "<div>\n<p>A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations.</p>\n</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2026-03-16T11:27:05.956Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3999", "state": "PUBLISHED", "dateUpdated": "2026-03-16T11:27:05.956Z", "dateReserved": "2026-03-11T17:52:20.020Z", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "datePublished": "2026-03-13T08:38:59.468Z", "assignerShortName": "ENISA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A broken access control may allow an authenticated user to perform a \nhorizontal privilege escalation. The vulnerability only impacts specific\n configurations."}, {"lang": "es", "value": "Un control de acceso roto puede permitir a un usuario autenticado realizar una escalada de privilegios horizontal. La vulnerabilidad solo afecta a configuraciones espec\u00edficas."}], "id": "CVE-2026-3999", "lastModified": "2026-03-16T14:53:46.157", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}, "published": "2026-03-13T19:55:13.130", "references": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "url": "https://docs.pointsharp.com/psa/advisories/psa-2026-001.html"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ID Server", "source": "cna", "vendor": "Pointsharp"}, "product": "id_server", "vendor": "pointsharp"}], "analysis": {"en": {"generated_at": "2026-03-19T15:53:03.639527+00:00", "value": {"mitigation_remediation": ["Apply any Pointsharp ID Server patch or update that addresses the broken access control flaw.", "If no patch is available, review and restrict configuration settings that enable the flaw, enforcing least privilege for users.", "Segment the network to limit the reach of compromised accounts.", "Regularly monitor logs for anomalous access patterns by legitimate accounts."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The flaw affects the Pointsharp ID Server product. Specific affected versions are not listed, and the issue is limited to particular configurations of the server. Administrators should review the product configuration to determine whether the vulnerable settings are present.", "description_and_impact": "The vulnerability is a broken access control (CWE-639) that permits an authenticated user to perform horizontal privilege escalation within the Pointsharp ID Server. An attacker who can log in with valid credentials can exploit the flaw to access resources or data that belong to other users, thereby compromising the confidentiality and integrity of data owned by those users and enabling further lateral movement. The weakness arises because the system fails to enforce proper ownership checks on certain configurations.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability, while the EPSS score of less than 1% suggests a low likelihood of immediate exploitation. This vulnerability is not listed in the CISA KEV catalog, which further indicates that active exploitation has not been reported. Exploitation requires valid authentication and access to the affected configuration, implying that the attack vector is likely remote but restricted to authenticated users. Administrators should treat this as a high priority to patch."}}}}, "created": "2026-03-16T09:37:52.124893+00:00", "updated": "2026-03-23T09:59:37.633916+00:00", "vendors": ["pointsharp", "pointsharp$PRODUCT$id_server"]}