CVE-2026-33518

CRITICAL

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

CVSS v3.1 Score

9.8

/ 10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Information

Published: 21 avr. 2026
Updated: 22 avr. 2026
Status: Awaiting Analysis
Source: psirt@esri.com

Weaknesses (CWE)

CWE-266

References (1)

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Similar CVEs

Other vulnerabilities of type CWE-266

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring