CVE-2026-33518 | THREATINT

Description

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

PUBLISHED Reserved 2026-03-20 | Published 2026-04-21 | Updated 2026-04-23 | Assigner Esri

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-266: Incorrect Privilege Assignment (4.19.1)

Product status

Default status

unaffected

11.5

affected

References

www.esri.com/...s/administration/april2026_security_bulletin

cve.org (CVE-2026-33518)

nvd.nist.gov (CVE-2026-33518)

Download JSON