CVE-2026-33519 | THREATINT

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

PUBLISHED Reserved 2026-03-20 | Published 2026-04-21 | Updated 2026-04-23 | Assigner Esri

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-266: Incorrect Privilege Assignment (4.19.1)

Product status

Default status

unaffected

11.4

affected

11.5

affected

12.0

affected

References

www.esri.com/...s/administration/april2026_security_bulletin

cve.org (CVE-2026-33519)

nvd.nist.gov (CVE-2026-33519)

Download JSON