Known Vulnerabilities for Arcgis by Esri
Listed below are 7 of the newest known vulnerabilities associated with "Arcgis" by "Esri".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33519 json | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernete... | Not Provided | 2026-04-21 | 2026-04-23 |
| CVE-2026-33518 json | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly... | Not Provided | 2026-04-21 | 2026-04-23 |
| CVE-2026-13020 json | A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windo... | Not Provided | 2026-07-07 | 2026-07-08 |
| CVE-2026-13019 json | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical ... | Not Provided | 2026-07-07 | 2026-07-08 |
| CVE-2026-9182 json | Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue b... | Not Provided | 2026-07-06 | 2026-07-08 |
| CVE-2026-9181 json | Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthen... | Not Provided | 2026-07-06 | 2026-07-08 |
| CVE-2026-2813 json | ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploi... | Not Provided | 2026-05-20 | 2026-05-20 |
| CVE-2026-2812 json | ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticate... | Not Provided | 2026-05-20 | 2026-05-20 |
| CVE-2023-25841 json | There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux pla... | 6.1 - MEDIUM | 2023-07-21 | 2023-08-02 |
| CVE-2023-25840 json | There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authent... | 3.4 - LOW | 2023-07-21 | 2023-08-01 |