If URL doesn't contain forward slash at the end of base URL, adding a user fails in case a user name is referenced by a UPN (format like username@domain.org). Surprisingly, a group addition still works. Took quite a few hours to figure this out - please save this time for others.

Steps to reproduce: try updating membership of existing safe and existing safe member. Member type group - works, member type user - does not. User name format used should be UPN.

This line works fine:
$URL_SafeSpecificMember = $URL_SpecificSafe + "/Members/{1}/"

According to API documentation, the base URL should end with a slash:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.2/en/Content/WebServices/Update%20Safe%20Member.htm?tocpath=Developer%7CREST%20APIs%7CSafes%7CSafe%20members%7C_____2