Privilege Escalation in Esri Portal for ArcGIS by Esri
CVE-2026-33518

9.8 CRITICAL

Key Information:

Vendor: Esri

CVE Published: 21 April 2026

What is CVE-2026-33518?

An incorrect privilege assignment vulnerability in Esri Portal for ArcGIS 11.5, available on both Windows and Linux platforms, allows users with high privileges to create developer credentials. This capability may lead to unintended privilege grants, potentially compromising the integrity and security of the system. Users could inadvertently gain access to permissions beyond what was intended, so organizations should assess their user privilege management practices and mitigate the issue.

Affected Version(s)

Portal for ArcGIS Windows 11.5

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
