CVE-2026-33519

critical

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Details

Source: Mitre, NVD

Published: 2026-04-21

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H