Missing Authentication in Esri Portal for ArcGIS Affects Multiple Platforms
CVE-2026-13019
9.8CRITICAL
What is CVE-2026-13019?
A security flaw in Esri Portal for ArcGIS versions 12.1 and earlier across multiple environments, including Windows, Linux, and Kubernetes, enables remote attackers to exploit a missing authentication mechanism. This vulnerability allows unauthorized individuals to access sensitive unprotected APIs, which can lead to further security breaches and data exposure.
Affected Version(s)
Portal for ArcGIS 0 < 12.1
