<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Portal for ArcGIS 12.1 and Earlier - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/portal-for-arcgis-12.1-and-earlier/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 07 Jul 2026 17:17:53 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/portal-for-arcgis-12.1-and-earlier/feed.xml" rel="self" type="application/rss+xml"/><item><title>Critical Unauthenticated API Access in Esri Portal for ArcGIS (CVE-2026-13019)</title><link>https://feed.craftedsignal.io/briefs/2026-07-esri-portal-rce/</link><pubDate>Tue, 07 Jul 2026 17:17:53 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-esri-portal-rce/</guid><description>A critical missing authentication vulnerability (CVE-2026-13019) in Esri Portal for ArcGIS versions 12.1 and earlier allows a remote, unauthenticated attacker to access unprotected critical APIs, impacting deployments on Windows, Linux, and Kubernetes environments.</description><content:encoded><![CDATA[<p>A critical missing authentication vulnerability, tracked as CVE-2026-13019, has been identified in Esri Portal for ArcGIS versions 12.1 and earlier. This flaw allows a remote, unauthenticated attacker to bypass authentication mechanisms and directly access critical API functions. With a CVSS v3.1 base score of 9.8, this vulnerability poses an extreme risk, enabling attackers to potentially manipulate or extract sensitive Geographic Information System (GIS) data, compromise system integrity, or perform unauthorized administrative operations. The vulnerability affects deployments across various platforms, including Windows, Linux, and Kubernetes environments, making a wide range of organizations using Esri's GIS solutions susceptible to compromise. Immediate patching is imperative to mitigate the risk of unauthorized access and potential data breaches.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a public-facing Esri Portal for ArcGIS instance running version 12.1 or earlier.</li>
<li>Attacker researches or discovers the specific critical API endpoints vulnerable to authentication bypass.</li>
<li>Attacker crafts an HTTP request targeting a known critical API endpoint on the vulnerable Esri Portal for ArcGIS system.</li>
<li>The crafted request is sent to the Esri Portal for ArcGIS web server without including valid authentication credentials.</li>
<li>Due to the missing authentication vulnerability (CVE-2026-13019), the Esri Portal for ArcGIS processes the unauthenticated request as if it were legitimate.</li>
<li>The attacker successfully gains unauthorized access to the unprotected critical API, enabling them to invoke sensitive functions or retrieve privileged information.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-13019 grants remote, unauthenticated attackers full access to critical API functions within Esri Portal for ArcGIS. This can lead to a range of severe consequences, including unauthorized viewing, modification, or deletion of sensitive GIS data, system configuration changes, and potentially full compromise of the Esri Portal infrastructure. Organizations in sectors relying heavily on GIS data, such as government, utilities, and infrastructure, are particularly at risk. The broad platform applicability (Windows, Linux, Kubernetes) means a wide array of deployments are exposed, potentially leading to widespread data breaches or operational disruption.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-13019 on all Esri Portal for ArcGIS instances immediately by upgrading to a patched version (12.2 or later) or applying the vendor-provided security updates.</li>
<li>Review Esri Portal for ArcGIS web server access logs for anomalous unauthenticated access patterns to API endpoints that could indicate attempted or successful exploitation of CVE-2026-13019.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>vulnerability</category><category>esri</category><category>arcgis</category><category>unauthenticated-access</category><category>api-security</category><category>rce</category></item></channel></rss>