Product
A critical vulnerability (CVE-2026-13020) exists in Esri Portal for ArcGIS versions 12.1 and earlier, affecting deployments on Windows, Linux, and Kubernetes, where a weak password recovery mechanism allows a remote, unauthorized attacker to assume ownership of a user's account by exploiting this flaw.