CVE-2026-33519: portal for arcgis vulnerability

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
CVE-2026-33519CVSS 9.8Windows

CVE-2026-33519: portal for arcgis vulnerability

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

CVSS
9.8 CRITICAL
EPSS
23.02%
Known exploited
not in KEV
Product
portal for arcgis

What is known

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

Sources