CVE-2026-33519

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 21, 2026

Vendor unknown

Description

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin