PSA-2026-001: Critical security update for ID Server – immediate action recommended
Last updated: 2026-03-06
Overview
We have identified and fixed a critical security vulnerability affecting ID Server. This issue may expose certain customers to increased security risk if they do not update to the latest version promptly.
A broken access control flaw may allow an authenticated user to perform horizontal privilege escalation. The vulnerability affects only specific configurations.
Impact
- Affected product: ID Server
- Affected versions: All versions prior to 9.0.0
- Not affected: Version 9.0.0 and higher
- Potential risk: Successful exploitation of this vulnerability could allow an authenticated user to gain unauthorized access to resources belonging to another user.
At this time, we have not observed evidence of successful exploitation in customer environments.
Required customer action
To protect your environment, we recommend our customers follow the steps below as soon as possible:
- Update ID Server to the latest version
- Update instructions: Upgrading from previous versions
- Release notes: ID Server release notes
Acknowledgements
This issue was responsibly disclosed by Reema AlQahtani, Haboob Cybersecurity Services. We appreciate his cooperation in coordinating the disclosure.
Support and contact
If you need assistance applying the update or evaluating your exposure, please contact:
- Email: support@pointsharp.com
- Support portal: https://support.pointsharp.com
Your security and trust are our top priorities. We appreciate your prompt action to update.