CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
OR cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

09 Jul 2026, 14:40

Type Values Removed Values Added
First Time Linux
Esri portal For Arcgis
Kubernetes kubernetes
Linux linux Kernel
Esri
Microsoft windows
Kubernetes
Microsoft
References () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/june-2026-arcgis-security-bulletin - () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/june-2026-arcgis-security-bulletin - Vendor Advisory
CPE cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

07 Jul 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-07 17:16

Updated : 2026-07-09 14:40


NVD link : CVE-2026-13019

Mitre link : CVE-2026-13019

CVE.ORG link : CVE-2026-13019


JSON object : View

Products Affected

kubernetes

  • kubernetes

esri

  • portal_for_arcgis

microsoft

  • windows

linux

  • linux_kernel
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password