CVE 9.8 CRITICAL

Incorrect privilege assignment in Portal for ArcGIS_CVE-2026-33518

April 21, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

AI Analysis

Incorrect privilege assignment vulnerability in Portal for ArcGIS

Basic Information

ID CVE-2026-33518

Source Esri

Published Apr 21, 2026 at 20:37

Affected Product

Vendor Esri

Product Portal for ArcGIS

Version 11.5

Affected Versions Esri Portal for ArcGIS 11.5

CWE Classification

CWE-266

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Esri

Product Portal for ArcGIS

Version 11.5

References

www.esri.com /arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

{
    "lastseen": "",
    "description": "An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.",
    "published": "2026-04-21T20:37:52.198Z",
    "modified": "2026-04-21T20:37:52.198Z",
    "type": "cve",
    "title": "Incorrect privilege assignment in Portal for ArcGIS",
    "source": "Esri",
    "references": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin",
    "id": "CVE-2026-33518",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Esri Portal for ArcGIS 11.5",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal for ArcGIS",
    "version": "11.5",
    "vendor": "Esri",
    "ai_description": "Incorrect privilege assignment vulnerability in Portal for ArcGIS",
    "ai_severity": "Critical",
    "ai_vendor": "Esri",
    "ai_product": "Portal for ArcGIS",
    "ai_version": "11.5",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply