CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This issue affects ArcGIS Server 12.0 and earlier.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.7%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin

Products affected by CVE-2026-2812

Esri » Arcgis Server » Version: 11.1

cpe:2.3:a:esri:arcgis_server:11.1
Esri » Arcgis Server » Version: 11.2

cpe:2.3:a:esri:arcgis_server:11.2
Esri » Arcgis Server » Version: 11.3

cpe:2.3:a:esri:arcgis_server:11.3
Esri » Arcgis Server » Version: 11.4

cpe:2.3:a:esri:arcgis_server:11.4
Esri » Arcgis Server » Version: 11.5

cpe:2.3:a:esri:arcgis_server:11.5
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2812

Products

Pricing

Contact Us