Directory Traversal Vulnerability in ArcGIS Server by Esri
CVE-2026-9181
9.8CRITICAL
What is CVE-2026-9181?
ArcGIS Server has a directory traversal vulnerability that allows an unauthenticated attacker to exploit improperly validated path parameters. By sending specially crafted requests, an attacker could gain access to sensitive files stored on the system. This issue affects all versions of ArcGIS Server 12.0 and earlier, posing a significant risk to data security and system integrity.
Affected Version(s)
ArcGIS Server Windows 0 <= 12.0
