Esri Portal for ArcGIS Incorrect Privilege Assignment Vulnerability Allowing Over-Privileged Developer Credentials

Vulnerability

A vulnerability in Esri Portal for ArcGIS version 11.5 on Windows and Linux allows highly privileged users to create developer credentials that may grant excessive privileges. This incorrect privilege assignment could lead to unauthorized access or actions beyond what is intended.

Impact

Exploitation of this vulnerability could result in developer credentials being granted more privileges than expected, potentially allowing for unauthorized actions or access within the application.

Remediation

Users of Esri Portal for ArcGIS 11.5 should apply the security patch released on April 13, 2026, which resets over-scoped developer credentials to their default permissions. This patch is available for both Windows and Linux. For Kubernetes customers, ArcGIS Enterprise 12.0 Update 3 should be applied.

Added: Apr 21, 2026, 11:19 PM
Updated: Apr 21, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 4.8
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.