Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 07 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Esri
Esri portal For Arcgis |
|
| Vendors & Products |
Esri
Esri portal For Arcgis |
Tue, 07 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API. | |
| Title | Missing Authentication | |
| Weaknesses | CWE-640 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Esri
Published:
Updated: 2026-07-07T17:02:08.793Z
Reserved: 2026-06-23T16:51:42.540Z
Link: CVE-2026-13019
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T17:30:17Z
Weaknesses