PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2813 Esri CVE debrief

CVE-2026-2813 is a medium-severity issue in ArcGIS Server 11.5’s login redirection workflow. A specially crafted request can cause the browser to navigate to an unintended, untrusted site during authentication, creating a limited confidentiality risk when a user interacts with the flow. The supplied description says the impact stays within the client-side navigation logic and does not lead to server-side compromise or cross-component impact.

Vendor: Esri
Product: ArcGIS Server
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-21
Advisory published: 2026-05-20
Advisory updated: 2026-05-21

Who should care

Organizations running ArcGIS Server 11.5, especially administrators and security teams responsible for authentication flows, browser-facing portals, and user guidance around login redirects.

Technical summary

The vulnerability is described as an input-validation weakness in the login redirection path. The practical effect is an untrusted redirect during authentication, not server-side code execution or lateral impact. The NVD record lists CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N with a 4.7 MEDIUM score (PR:N, meaning no privileges required), while the description text characterizes the attacker as authenticated; the supplied record is internally inconsistent on privileges, so treat the access requirement carefully rather than assuming either reading.

Defensive priority

Moderate. This is not a high-impact server compromise issue, but it can affect trust in the login flow and expose users to limited confidentiality risk through a malicious redirect. Prioritize if you operate ArcGIS Server 11.5 or have many users who routinely authenticate through exposed web portals.

Recommended defensive actions

  • Review the Esri security bulletin linked in the record and confirm whether your ArcGIS Server 11.5 deployments are affected.
  • Apply vendor remediation or configuration guidance as soon as it is available from Esri.
  • Inventory ArcGIS Server 11.5 instances and track which environments expose the affected login workflow to end users.
  • Validate post-remediation login behavior to ensure redirects stay within the intended trusted destination.
  • Inform users and support staff to be cautious of unexpected destination changes during sign-in and to verify the site they land on after authentication.
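As an added illustration of the input-validation weakness described in the technical summary and of the post-remediation check recommended above (example code written for this debrief, not Esri or ArcGIS code): a naive "starts with a slash" redirect check beside a host-allowlisted one, exercised against constructed redirect targets. The hostname portal.example.com and the default landing path are assumptions.

```python
"""Redirect-target validation for a login flow: naive check vs. hardened check.
Constructed example; portal.example.com is an assumed deployment hostname."""
from urllib.parse import urlsplit, urlunsplit

TRUSTED_HOSTS = {"portal.example.com"}  # assumed allowlist of portal hosts
DEFAULT_LANDING = "/portal/home"        # assumed safe fallback destination


def naive_is_safe(target: str) -> bool:
    """Weak check: a leading '/' also admits protocol-relative '//host'."""
    return target.startswith("/")


def hardened_redirect(target: str, default: str = DEFAULT_LANDING) -> str:
    """Return a destination that stays on a trusted host.

    Anything that is not a plain absolute path or an https URL whose host is
    on the allowlist falls back to `default`."""
    if not target or any(c in target for c in "\r\n\0"):
        return default
    # Some browsers treat backslashes as slashes, so '/\evil' would become
    # '//evil' on the client; normalise before parsing to see what they see.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme not in ("", "https"):
        return default  # rejects javascript:, data:, http:, etc.
    if parts.netloc:
        # Absolute URL: require https and an allowlisted host. `hostname`
        # ignores userinfo, so 'trusted@evil' resolves to 'evil' and is rejected.
        if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
            return default
        return urlunsplit(("https", parts.netloc, parts.path or "/",
                           parts.query, parts.fragment))
    # No host: must be an absolute path, and not protocol-relative '//'.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed samples: the first four should all fall back to the default.
    for sample in ["//evil.example/", "/\\evil.example/", "javascript:alert(1)",
                   "https://portal.example.com@evil.example/",
                   "/portal/apps?view=1", "https://portal.example.com/portal/home"]:
        print(f"{sample!r:48} naive={naive_is_safe(sample)!s:5} "
              f"hardened -> {hardened_redirect(sample)}")
```

The naive check reports the protocol-relative sample as safe, which is the class of gap a post-remediation test of the login flow should probe for.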

Evidence notes

The source description states that ArcGIS Server 11.5 has an input validation weakness in login redirection and that successful exploitation can redirect a browser to an unintended, untrusted site. The NVD record attached to the CVE lists CVSS 3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N with a score of 4.7 (MEDIUM) and references Esri’s security bulletin. The supplied record does not include exploit details, remediation text, or any KEV listing.

Official resources

CVE and source metadata were published and last modified on 2026-05-20T20:16:37.087Z. No KEV date is present in the supplied timeline.