CVEFinder.io

CVE-2026-2813

Severity: medium
Description

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific user interaction conditions.
The vulnerability affects only the client-side navigation logic during authentication and remains confined to the same security boundary. No server-side compromise or cross-component impact is possible. This issue affects ArcGIS Server 11.5.

CVSS Score: 4.7 (Medium)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2026-05-20
First Seen: 2026-05-21
Relative Risk Intelligence

This CVE is Lower Risk - more severe than 13.8% of all 329,456 vulnerabilities in our database.

Severity Percentile: #284,050 (Below average severity)
🎯 CISA SSVC Assessment Updated: May 20, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified: 2026-05-21
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Related CVEs (6)

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2812 | medium | 5.3 | 0.1 | ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthent... | 2026-05-20 |
| CVE-2025-67703 | medium | 6.1 | 0.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some co... | 2025-12-31 |
| CVE-2025-67704 | medium | 6.1 | 0.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some co... | 2025-12-31 |
| CVE-2025-67705 | medium | 6.1 | 0.1 | There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some co... | 2025-12-31 |
| CVE-2025-67706 | medium | 5.6 | 0.1 | ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a rem... | 2025-12-31 |
| CVE-2025-67707 | medium | 5.6 | 0.3 | ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a rem... | 2025-12-31 |

These CVEs affect the same products