Input Validation Weakness in ArcGIS Server by Esri
CVE-2026-2813

4.7 MEDIUM

Key Information:

Vendor: Esri
CVE Published: 20 May 2026

What is CVE-2026-2813?

Esri's ArcGIS Server has an input validation flaw in its login redirection process. An authenticated attacker can craft specific requests that could redirect users to unauthorized and potentially harmful sites. Although this primarily puts user confidentiality at risk under certain conditions, the issue is limited to the client-side authentication workflow and does not compromise server integrity or affect other system components. Currently, the issue affects version 11.5 of ArcGIS Server.

Affected Version(s)

ArcGIS Server Windows 11.5

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
