Known Vulnerabilities for products from Esri

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Esri".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-33519 json Not Provided 2026-04-21 2026-04-23
CVE-2026-33518 json An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly... Not Provided 2026-04-21 2026-05-18
CVE-2026-13020 json A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windo... Not Provided 2026-07-07 2026-07-09
CVE-2026-13019 json Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical ... Not Provided 2026-07-07 2026-07-09
CVE-2026-9182 json Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue b... Not Provided 2026-07-06 2026-07-08
CVE-2026-9181 json Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthen... Not Provided 2026-07-06 2026-07-08
CVE-2026-2813 json ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploi... Not Provided 2026-05-20 2026-05-21
CVE-2026-2812 json ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticate... Not Provided 2026-05-20 2026-05-21
CVE-2023-25848 json ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthoriz... 5.3 - MEDIUM 2023-08-25 2023-08-31
CVE-2023-25841 json There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux pla... 6.1 - MEDIUM 2023-07-21 2023-08-02
CVE-2023-25840 json There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authent... 3.4 - LOW 2023-07-21 2023-08-01
CVE-2023-25839 json There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a lo... 7 - HIGH 2023-07-19 2023-07-27
CVE-2023-25838 json There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, auth... 7.5 - HIGH 2023-07-19 2023-07-27
CVE-2023-25837 json There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... 4.8 - MEDIUM 2023-07-21 2024-01-29
CVE-2023-25836 json There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... 5.4 - MEDIUM 2023-07-21 2023-08-07
CVE-2023-25835 json There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 th... 4.8 - MEDIUM 2023-07-21 2024-01-29
CVE-2023-25834 json Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue ... 5.4 - MEDIUM 2023-05-09 2023-05-22
CVE-2023-25833 json There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authentic... 5.4 - MEDIUM 2023-05-10 2024-02-01
CVE-2023-25832 json There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attac... 8.8 - HIGH 2023-05-09 2024-02-01
CVE-2023-25831 json There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote,... 6.1 - MEDIUM 2023-05-09 2023-05-16

Known software with vulnerabilities from Esri

Type Vendor Product Version
ApplicationEsriArcgis-
ApplicationEsriArcgis 3d Analyst-
ApplicationEsriArcgis Arcsde-
ApplicationEsriArcgis Enterprise10.6.1
ApplicationEsriArcgis For Server10.1.1
ApplicationEsriArcgis Runtime Toolkit10.2.0
ApplicationEsriArcgis Server10.2.2
ApplicationEsriArcgis Spatial Analyst-
ApplicationEsriArcinfo Workstation-
ApplicationEsriArcmap9.0
ApplicationEsriArcpad-
ApplicationEsriArcsde-
ApplicationEsriArcview-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report