Improper Authentication Vulnerability in ArcGIS Server by Esri
CVE-2026-2812

5.3 MEDIUM

Key Information:

Vendor: Esri

CVE Published: 20 May 2026

What is CVE-2026-2812?

ArcGIS Server is impacted by an improper authentication vulnerability stemming from an undocumented administrative endpoint. An unauthenticated attacker could leverage this flaw by sending specially crafted requests to the affected endpoint, potentially disrupting the web-based browsing interface. It is crucial for organizations using ArcGIS Server 12.0 and earlier to review their security measures and apply necessary mitigations to safeguard against potential exploitation.

Affected Version(s)

ArcGIS Server Windows 11.1 <= 12.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
