9.8

CVE-2026-33519

Incorrect privilege assignment in Portal for ArcGIS

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EsriPortal For Arcgis Version11.4 Update-
   KubernetesKubernetes Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
EsriPortal For Arcgis Version11.5 Update-
   KubernetesKubernetes Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
EsriPortal For Arcgis Version12.0 Update-
   KubernetesKubernetes Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.227
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@esri.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin
Vendor Advisory