CVE-2026-33519 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 21, 2026
Esri Portal for ArcGIS - Authorization Bypass
Published: April 21, 2026Updated: April 21, 2026Remote Exploitable
Overview
Esri Portal for ArcGIS 11.4, 11.5, and 12.0 on Windows, Linux, and Kubernetes contains an authorization bypass caused by incorrect permission checks for developer credentials, letting attackers escalate privileges, exploit requires developer credentials.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers with developer credentials can bypass authorization, potentially gaining elevated privileges and unauthorized access.
Mitigation
Update to the latest version of Esri Portal for ArcGIS.
References
Related Resources
Details
- CVE ID
- CVE-2026-33519
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- new
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H