PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9182 Esri CVE debrief

CVE-2026-9182 is an unrestricted file upload vulnerability in ArcGIS Server. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload. This issue has a CVSS score of 5.3 and is considered Medium severity. Administrators and users of ArcGIS Server should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Vendor
Esri
Product
ArcGIS Server
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-08
Advisory published
2026-07-06
Advisory updated
2026-07-08

Who should care

Administrators and users of ArcGIS Server, as well as security teams and vulnerability management teams, should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes reviewing and applying vendor security bulletins, restricting access to the affected endpoint, and monitoring for suspicious file upload activity.

Technical summary

The vulnerability exists in ArcGIS Server, allowing an unauthenticated attacker to upload a crafted file to the affected endpoint, potentially leading to arbitrary file upload. The CVSS score of 5.3 indicates a Medium severity vulnerability. The issue is related to unrestricted file upload, which can lead to arbitrary file upload.

Defensive priority

Medium priority due to the CVSS score of 5.3 and the potential for arbitrary file upload.

Recommended defensive actions

  • Review and apply the vendor's security bulletin for ArcGIS Server
  • Restrict access to the affected endpoint
  • Monitor for suspicious file upload activity
  • Perform vulnerability scanning and asset inventory to identify exposed systems
  • Implement compensating controls for exposed systems while remediation is scheduled and verified

Evidence notes

The CVE record was published on 2026-07-06T19:17:09.680Z and last modified on 2026-07-08T03:09:26.987Z. The NVD entry is currently Analyzed. The vulnerability exists in ArcGIS Server, allowing an unauthenticated attacker to upload a crafted file to the affected endpoint, potentially leading to arbitrary file upload. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T19:17:09.680Z and has not been modified since then. The NVD entry is currently Analyzed.