An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
CVSS v3.1 Score
9.8
/ 10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Information
- Published
- 21 avr. 2026
- Updated
- 22 avr. 2026
- Status
- Awaiting Analysis
- Source
- psirt@esri.com
Weaknesses (CWE)
CWE-266
Similar CVEs
Other vulnerabilities of type CWE-266
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.