CVE-2026-33519
published 2026-04-21
CVE-2026-33519: An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check…
Priority P357 | critical | 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% (22.9th percentile)
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| esri | portal_for_arcgis | — | — |
| esri | portal_for_arcgis | — | — |
| esri | portal_for_arcgis | — | — |
VulDB
Esri Portal for ArcGIS 11.4/11.5/12.0 privileges assignment (Nessus ID 309966)
vuldb·2026-04-24·CVSS 9.8
CVE-2026-33519 [CRITICAL] Esri Portal for ArcGIS 11.4/11.5/12.0 privileges assignment (Nessus ID 309966)
A vulnerability, which was classified as critical, has been found in Esri Portal for ArcGIS 11.4/11.5/12.0. Impacted is an unknown function. Performing a manipulation results in incorrect privilege assignment.
This vulnerability is reported as CVE-2026-33519. The attack is possible to be carried out remotely. No exploit exists.
GHSA
GHSA-rvfx-c797-vvhx: An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11
ghsa_unreviewed·2026-04-21
CVE-2026-33519 [CRITICAL] CWE-266 GHSA-rvfx-c797-vvhx: An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-21