CVE-2026-33519
9.8 CRITICAL
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did n...
Published: 2026-04-21 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-266
Affected products
| Vendor | Product |
|---|---|
| esri | portal_for_arcgis |
Description
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-2813 — ArcGIS Server contains an input validation weakness in the login redirection workflow (4.7 MEDIUM)
- CVE-2026-2812 — ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint (5.3 MEDIUM)
- CVE-2026-33518 — An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged ... (9.8 CRITICAL)
Same CWE
- CVE-2026-49060 — Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation (9.8 CRITICAL)
- CVE-2026-53814 — OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped ... (8.3 HIGH)
- CVE-2026-47169 — Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support
- CVE-2026-11620 — A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646 (5.3 MEDIUM)
- CVE-2026-11619 — A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2 (6.3 MEDIUM)