CVE 9.8 CRITICAL

Incorrect privilege assignment in Portal for ArcGIS_CVE-2026-33519

April 21, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

AI Analysis

Incorrect authorization vulnerability in Esri Portal for ArcGIS due to incorrect permission checks for developer credentials

Basic Information

ID CVE-2026-33519

Source Esri

Published Apr 21, 2026 at 20:38

Affected Product

Vendor Esri

Product Portal for ArcGIS

Version 11.4

Affected Versions Esri Portal for ArcGIS 11.4
Esri Portal for ArcGIS 11.5
Esri Portal for ArcGIS 12.0

CWE Classification

CWE-266

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Esri

Product Portal for ArcGIS

Version 11.4, 11.5, 12.0

References

www.esri.com /arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

{
    "lastseen": "",
    "description": "An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.",
    "published": "2026-04-21T20:38:28.573Z",
    "modified": "2026-04-21T20:38:28.573Z",
    "type": "cve",
    "title": "Incorrect privilege assignment in Portal for ArcGIS",
    "source": "Esri",
    "references": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin",
    "id": "CVE-2026-33519",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Esri Portal for ArcGIS 11.4\nEsri Portal for ArcGIS 11.5\nEsri Portal for ArcGIS 12.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal for ArcGIS",
    "version": "11.4",
    "vendor": "Esri",
    "ai_description": "Incorrect authorization vulnerability in Esri Portal for ArcGIS due to incorrect permission checks for developer credentials",
    "ai_severity": "Critical",
    "ai_vendor": "Esri",
    "ai_product": "Portal for ArcGIS",
    "ai_version": "11.4, 11.5, 12.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply