CVE-2026-33518
9.8 CRITICAL
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged ...
Published: 2026-04-21 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-266
Affected products
| Vendor | Product |
|---|---|
| esri | portal_for_arcgis |
Description
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-2813 — ArcGIS Server contains an input validation weakness in the login redirection workflow (4.7 MEDIUM)
- CVE-2026-2812 — ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint (5.3 MEDIUM)
- CVE-2026-33519 — An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did n... (9.8 CRITICAL)
Same CWE
- CVE-2026-49060 — Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation (9.8 CRITICAL)
- CVE-2026-53814 — OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped ... (8.3 HIGH)
- CVE-2026-47169 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-11620 — A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646 (5.3 MEDIUM)
- CVE-2026-11619 — A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2 (6.3 MEDIUM)