Product
A critical missing authentication vulnerability (CVE-2026-13019) in Esri Portal for ArcGIS versions 12.1 and earlier allows a remote, unauthenticated attacker to access unprotected critical APIs, impacting deployments on Windows, Linux, and Kubernetes environments.