Cross Site Scripting Vulnerability in Esri ArcGIS Pro
CVE-2026-1446
5MEDIUM
What is CVE-2026-1446?
A Cross Site Scripting vulnerability exists in Esri ArcGIS Pro that allows a local attacker to inject malicious scripts into the application. This may occur when a specific dialog is opened within versions 3.6.0 and earlier. Successful exploitation could lead to unauthorized script execution, potentially compromising user data and application integrity. Users are advised to upgrade to ArcGIS Pro 3.6.1, where this issue has been addressed.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ArcGIS Pro x64 1.0 < 3.6.1
References
CVSS V3.1
Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved