PatchSiren cyber security CVE debrief
CVE-2026-2812 Esri CVE debrief
CVE-2026-2812 describes an improper authentication issue affecting ArcGIS Server 12.0 and earlier. According to the NVD record, an unauthenticated attacker can send a crafted request to an undocumented administrative endpoint and may disrupt the web-based browsing interface. The vulnerability is rated CVSS 5.3 (medium) and is mapped to CWE-287.
- Vendor: Esri
- Product: ArcGIS Server
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-20
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-20
- Advisory updated: 2026-05-21
Who should care
Organizations running ArcGIS Server 12.0 or earlier, especially teams responsible for internet-facing deployments, administrative access controls, and service availability monitoring.
Technical summary
The supplied NVD entry cites an official Esri security bulletin and lists CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating a network-reachable issue requiring no privileges or user interaction. The weakness is classified as CWE-287 (improper authentication). The described impact is disruption of the web-based browsing interface rather than confidentiality loss. Because the source corpus names ArcGIS Server directly, treat this issue as an authentication control failure in an undocumented administrative endpoint of Esri ArcGIS Server, affecting versions 12.0 and earlier.
Defensive priority
Medium priority. Patch during the next normal maintenance window, or sooner if ArcGIS Server is internet-facing or the browsing interface is business-critical.
Recommended defensive actions
- Review the Esri April 2026 security bulletin referenced by NVD and apply the vendor fix for ArcGIS Server 12.0 and earlier.
- Inventory ArcGIS Server instances and confirm which deployments are on 12.0 or earlier.
- Restrict network access to administrative and management endpoints; do not expose them broadly to the internet.
- Monitor for anomalous requests and unexpected disruption of the ArcGIS Server web browsing interface.
- Validate reverse proxy, firewall, and WAF rules to ensure undocumented administrative paths are not reachable from untrusted networks.
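One way to carry out the last two checks is an allowlist audit of reverse-proxy access logs: because the affected endpoint is undocumented, list the paths untrusted clients are meant to reach and flag any other path that was answered. This is an added example, not Esri or PatchSiren code; the trusted network, the public prefix, the log format and the sample lines (including the `example-internal` path) are assumptions.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumptions; replace with the deployment's own values.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # management networks
PUBLIC_PREFIXES = ("/arcgis/rest/services",)         # paths meant for untrusted clients
# Common/combined log format: client IP, quoted request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines; "example-internal" is a made-up path.
SAMPLE = [
    '203.0.113.7 - - [21/May/2026:10:00:01 +0000] "GET /arcgis/rest/services/Roads/MapServer HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/May/2026:10:00:05 +0000] "POST /arcgis/example-internal/op HTTP/1.1" 200 64',
    '198.51.100.9 - - [21/May/2026:10:00:09 +0000] "GET /arcgis/rest/services/../../example-internal HTTP/1.1" 200 64',
    '198.51.100.9 - - [21/May/2026:10:00:12 +0000] "GET /arcgis/admin HTTP/1.1" 403 0',
    '10.1.2.3 - - [21/May/2026:10:00:15 +0000] "GET /arcgis/admin HTTP/1.1" 200 900',
]

def normalize(target):
    """Percent-decode and collapse the path so '..' segments cannot disguise it."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath("/" + path.lstrip("/"))

def is_public(path):
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PREFIXES)

def audit(lines):
    """Return (ip, method, path, status) for untrusted, non-public, non-4xx requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        try:
            trusted = any(ipaddress.ip_address(ip) in n for n in TRUSTED_NETS)
        except ValueError:
            trusted = False  # unparseable client field: treat as untrusted
        path = normalize(target)
        if not trusted and not is_public(path) and not status.startswith("4"):
            findings.append((ip, method, path, int(status)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding means the proxy, firewall or WAF let an untrusted client reach a path outside the published service tree and should be reviewed against the intended rules.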
Evidence notes
The source corpus contains an official NVD record for CVE-2026-2812 and a reference to an Esri security bulletin (via [email protected]). NVD metadata lists the vulnerability status as Received, the weakness as CWE-287, and the CVSS vector as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The corpus does not provide a Known Exploited Vulnerabilities listing or ransomware campaign association.
Official resources
- CVE-2026-2812 CVE record: CVE.org
- CVE-2026-2812 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Published by the CVE/NVD record on 2026-05-20. No KEV entry, due date, or confirmed exploitation details were provided in the supplied corpus.