Summary
Esri patched two critical vulnerabilities (CVE-2026-33518 and CVE-2026-33519) in ArcGIS Enterprise and cloud platforms that allow for the creation and use of over-privileged developer credentials. These flaws could lead to unauthorized access to sensitive data and require immediate patching or credential invalidation.
Take Action:
If you are using self-hosted ArcGIS portals, check whether you are using API or OAuth2 keys. If you are, patch ASAP. Even if you don't use API or OAuth2 keys now, it's smart to patch because someone will use them soon. Until you patch, audit and disable your API keys and OAuth tokens.
This article was originally published on BeyondMachines