CVE-2026-33518
published 2026-04-21CVE-2026-33518: An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create…
PriorityP344high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.29%
21.2th percentile
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| esri | portal_for_arcgis | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Esri Portal for ArcGIS 11.5 privileges assignment (Nessus ID 309967)
vuldb·2026-04-24·CVSS 9.8
CVE-2026-33518 [CRITICAL] Esri Portal for ArcGIS 11.5 privileges assignment (Nessus ID 309967)
A vulnerability classified as critical has been found in Esri Portal for ArcGIS 11.5. This vulnerability affects unknown code. This manipulation causes incorrect privilege assignment.
This vulnerability is registered as CVE-2026-33518. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-5qjr-2xxv-p9m9: An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11
ghsa_unreviewed·2026-04-21
CVE-2026-33518 [CRITICAL] CWE-266 GHSA-5qjr-2xxv-p9m9: An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-21
Published