Description
Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 07 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Esri
Esri portal For Arcgis |
|
| Vendors & Products |
Esri
Esri portal For Arcgis |
Tue, 07 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API. | |
| Title | Missing Authentication | |
| Weaknesses | CWE-640 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Esri
Published:
Updated: 2026-07-07T17:02:08.793Z
Reserved: 2026-06-23T16:51:42.540Z
Link: CVE-2026-13019
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T17:30:17Z
Weaknesses