TROYANOSYVIRUS
Retour aux CVEs

CVE-2026-33519

CRITICAL
9.8

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/21/2026
Derniere modification4/22/2026
Sourcenvd
Observations honeypot0

Faiblesses (CWE)

CWE-266

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin(psirt@esri.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.