CVE-2026-33518

Incorrect privilege assignment in Portal for ArcGIS

Description

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

INFO

Published Date :

2026-04-21T20:37:52.198Z

Last Modified :

2026-04-23T03:56:06.811Z

Source :

Esri

AFFECTED PRODUCTS

The following products are affected by CVE-2026-33518 vulnerability.

Vendors	Products
Esri	Portal For Arcgis

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33518.

URL	Resource
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact