CVE-2026-33519 is a critical incorrect-authorization vulnerability in Esri Portal for ArcGIS. Esri’s April 2026 security bulletin and the NVD record describe a failure to correctly check permissions assigned to developer credentials. The NVD entry rates the issue CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a remotely reachable flaw with potential high impact to confidentiality, integrity, a [truncated]
CVE-2026-33518 is a critical vulnerability in Esri Portal for ArcGIS 11.5 on Windows and Linux. The issue is described as an incorrect privilege assignment that can allow developer credentials to end up with more privileges than expected. NVD rates the flaw as CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), so defenders should treat it as urgent even though the vendor-facing description centers on pri [truncated]
