Executive Risk Summary
"A vulnerability in Esri Portal for ArcGIS 11.4, 11.5, and 12.0 allows unauthorized access due to incorrect authorization checks on developer credentials. This could lead to unauthorized data access or modifications within the portal."
Anticipated Attack Path
- 1. Initial Exploitation: Attacker identifies vulnerable Esri Portal for ArcGIS instance
- 2. Privilege Escalation: Attacker exploits incorrect authorization to gain unauthorized access
- 3. Data Exfiltration/Modification: Attacker accesses or modifies sensitive data within the portal
Am I Vulnerable?
- Verify Esri Portal for ArcGIS version and apply relevant patches
- Review developer credential permissions and access logs
- Monitor for unusual activity within the portal
Operational Audit Arsenal
Target Type Service
Target Asset ArcGIS Portal
Standard Path Windows, Linux, Kubernetes
Manual Verification Required
This is a non-Windows asset (Esri). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Likely
Potential disruption to portal services during patch application
Internal Work Notes
CVE-2026-33519: Esri Portal for ArcGIS authorization vulnerability - apply patches and review developer credential permissions
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Related Esri Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.