HIGHCVE-2026-3999Published Modified CNA ENISA
CVE-2026-3999: Broken access control vulnerability affecting ID Server
A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.
Metrics
- CVSS v4.0
- 8.8
- Severity
- HIGH
- Fixed in
- 9.0.0
- Affected Products
- 1
Fix available
9.0.0
Affected packages
- Pointsharp / ID Server< 9.0.0 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:NReferences