Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.
References
| Link | Resource |
|---|---|
| https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/june-2026-arcgis-security-bulletin | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
09 Jul 2026, 14:40
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Linux
Esri portal For Arcgis Kubernetes kubernetes Linux linux Kernel Esri Microsoft windows Kubernetes Microsoft |
|
| References | () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/june-2026-arcgis-security-bulletin - Vendor Advisory | |
| CPE | cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:* cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
07 Jul 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-07 17:16
Updated : 2026-07-09 14:40
NVD link : CVE-2026-13019
Mitre link : CVE-2026-13019
CVE.ORG link : CVE-2026-13019
JSON object : View
Products Affected
kubernetes
- kubernetes
esri
- portal_for_arcgis
microsoft
- windows
linux
- linux_kernel
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
