Unrestricted File Upload Vulnerability in ArcGIS Server by Esri
CVE-2026-9182

5.3MEDIUM

Key Information:

Vendor

Esri

Vendor
CVE Published:
6 July 2026

What is CVE-2026-9182?

ArcGIS Server exhibits an unrestricted file upload vulnerability that may be exploited by unauthenticated attackers. By uploading specially crafted files to the affected endpoint, attackers could gain the ability to execute arbitrary files on the server. This vulnerability highlights the importance of securing file upload functionalities to prevent unauthorized access and potential harm to the system.

Affected Version(s)

ArcGIS Server Windows 0 <= 12.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.