ID Server <9.0.0 Authenticated Horizontal Privilege Escalation
CVE-2026-3999 Published on March 13, 2026

Broken access control vulnerability affecting ID Server
A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.

Vendor Advisory NVD

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2026-3999 has been classified to as an Insecure Direct Object Reference / IDOR vulnerability or weakness.

Affected Versions

Pointsharp ID Server:

Before 9.0.0 is affected.

Exploit Probability

EPSS

0.05%

Percentile

15.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

ID Server <9.0.0 Authenticated Horizontal Privilege EscalationCVE-2026-3999 Published on March 13, 2026

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

Affected Versions

Exploit Probability

ID Server <9.0.0 Authenticated Horizontal Privilege Escalation
CVE-2026-3999 Published on March 13, 2026