CVE-2026-2813— Unvalidated Redirect in ArcGIS Server
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Esri | ArcGIS Server | 11.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2813
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unvalidated Redirect in ArcGIS Server
Source: NVD (National Vulnerability Database)
Vulnerability Description
ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific user interaction conditions. The vulnerability affects only the client side navigation logic during authentication and remains confined to the same security boundary. No server side compromise or cross component impact is possible. This issue affects ArcGIS Server 11.5.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Esri ArcGIS Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Esri ArcGIS Server是Esri公司的一个面向Web的可用于提供地理位置服务的企业级软件平台。 Esri ArcGIS Server 11.5版本存在安全漏洞,该漏洞源于登录重定向工作流中存在输入验证弱点,可能导致经过身份验证的攻击者通过发送特制请求利用此问题,成功利用可能导致应用程序将浏览器重定向到意外的不可信站点,在特定用户交互条件下造成有限的机密性影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Esri | ArcGIS Server | 11.5 | - |
II. Public POCs for CVE-2026-2813
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2813
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: ArcGIS Server
- CVE-2026-2812
Improper Authentication issue in ArcGIS Server - CVE-2025-67711
Reflected XSS vulnerability in ArcGIS Server. - CVE-2025-67710
Stored XSS vulnerability in ArcGIS Server - CVE-2025-67709
There is a cross site scripting issue in ArcGIS Server. - CVE-2025-67708
Reflected cross-site scripting (XSS) vulnerability in ArcGIS
Same vendor: Esri
- CVE-2026-2812
Improper Authentication issue in ArcGIS Server - CVE-2026-33519
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-33518
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-1446
XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier - CVE-2025-67711
Reflected XSS vulnerability in ArcGIS Server.
V. Comments for CVE-2026-2813
No comments yet