CVE-2026-33518

CRITICAL

Incorrect privilege assignment in Portal for ArcGIS

Title source: cna

Description

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 on Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

Scores

CVSS v3 9.8
EPSS 0.0005
EPSS Percentile 16.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-266
Status published
Products (1)
Esri/Portal for ArcGIS 11.5
Published Apr 21, 2026
Tracked Since Apr 22, 2026