CVE-2026-33519 · CRITICAL 9.8 · EPSS p22.7%

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes: the product did not correctly check permissions assigned to developer credentials.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% probability of exploitation · percentile 22.7% · 2026-06-19T12:03:05Z
Published: 2026-04-21
Last modified: 2026-05-18

Underlying weaknesses · 1

CWE-266

References

  1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Type | Target | Confidence | Tier
Weakness | Incorrect Privilege Assignment cwe-266 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-2538
  2. CVE-2025-4967
  3. CVE-2026-23658
  4. CVE-2026-32213
  5. CVE-2026-35438
  6. CVE-2026-40371

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.