CVE-2026-33519

CRITICAL CVSS 9.8 View on NVD ↗

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Published: Apr 21, 2026 21:16 UTC Modified: Apr 21, 2026 21:16 UTC