Critical Privilege Escalation in Esri Portal for ArcGIS
The National Vulnerability Database has disclosed CVE-2026-33518, a critical incorrect privilege assignment vulnerability in Esri Portal for ArcGIS versions 11.5 on both Windows and Linux. This flaw, rated with a CVSS score of 9.8, allows highly privileged users to generate developer credentials with elevated permissions beyond what’s expected or intended.
This isn’t a zero-day for initial access, but it’s a critical horizontal movement and privilege escalation vector. Once an attacker gains a foothold as a highly privileged user—perhaps through social engineering, a misconfiguration, or another vulnerability—they can leverage this to create even more powerful credentials. This effectively bypasses granular access controls, granting them broader reach and deeper control within the ArcGIS environment.
The attacker’s calculus here is clear: consolidate control. Instead of being limited by their initial access, they can craft credentials that grant them administrative-level power over the GIS data and infrastructure. For defenders, this means a compromised highly privileged user becomes a far greater threat, capable of extensive data manipulation, exfiltration, or system disruption.
What This Means For You
- If your organization uses Esri Portal for ArcGIS 11.5 on Windows or Linux, this is a critical vulnerability that demands immediate attention. Even with robust perimeter defenses, a single compromised highly privileged user account can be weaponized to escalate privileges dramatically. You need to identify all instances of Esri Portal for ArcGIS 11.5 and monitor for any suspicious credential creation or modification activities, especially those related to developer accounts. Audit your existing highly privileged users and their access patterns, as this vulnerability means their compromise has a broader blast radius.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Esri Portal for ArcGIS Privilege Escalation via Developer Credentials - CVE-2026-33518
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33518 | Privilege Escalation | Esri Portal for ArcGIS 11.5 on Windows and Linux |
| CVE-2026-33518 | Misconfiguration | Incorrect privilege assignment allowing highly privileged users to create developer credentials with excessive privileges |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
HKUDS OpenHarness Default Config Exposes Systems (CVE-2026-6823)
CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote...
Critical AVideo XSS Vulnerability Exposes Admin Settings
CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site...
Critical RCE in AVideo YPTSocket Plugin: Unauthenticated Account Takeover
CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies...