CRITICALCVE-2026-33519Published 2026-04-21Modified 2026-04-23CNA Esri

CVE-2026-33519: Incorrect privilege assignment in Portal for ArcGIS

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Esri / Portal for ArcGIS
11.4 · 11.5 · 12.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

esri.com

Metrics