Detections
Analytics

CVE-2026-33518

critical

Description

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Details

Source: Mitre, NVD

Published: 2026-04-21

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical