{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/portal-for-arcgis/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-33518"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Portal for ArcGIS"],"_cs_severities":["high"],"_cs_tags":["esri","arcgis","privilege-escalation","CVE-2026-33518","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Esri"],"content_html":"\u003cp\u003eEsri Portal for ArcGIS 11.5, running on both Windows and Linux platforms, is susceptible to an incorrect privilege assignment vulnerability identified as CVE-2026-33518. This flaw enables users with elevated privileges within the ArcGIS portal to generate developer credentials that inadvertently grant broader permissions than intended. This vulnerability, if exploited, could lead to unauthorized access to sensitive resources, data breaches, and compromise of the entire ArcGIS environment. Successful exploitation could allow an attacker to perform administrative actions beyond their intended scope, potentially impacting data integrity and system availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA highly privileged user authenticates to the Esri Portal for ArcGIS 11.5.\u003c/li\u003e\n\u003cli\u003eThe user navigates to the developer credential creation interface within the portal.\u003c/li\u003e\n\u003cli\u003eThe user provides the necessary inputs to create a new developer credential.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability (CVE-2026-33518), the credential creation process incorrectly assigns excessive privileges to the newly created credential.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the newly created developer credentials to authenticate to the ArcGIS portal.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the excessive privileges to access restricted resources, such as sensitive data or administrative functions.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized actions, potentially modifying data, creating new user accounts, or changing system configurations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33518 allows attackers to perform actions beyond their intended authorization level. This can lead to data breaches, unauthorized modification of GIS data, and disruption of services. The lack of proper privilege assignment opens the door for malicious actors to gain control over sensitive resources, compromise data integrity, and escalate their access to critical system components within the Esri ArcGIS environment. The impact can range from data theft to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a non-vulnerable version of Esri Portal for ArcGIS to remediate CVE-2026-33518, once available from the vendor.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026quot;Detect ArcGIS Portal Excessive Developer Credential Creation\u0026quot; Sigma rule to detect suspicious developer credential creation activity.\u003c/li\u003e\n\u003cli\u003eReview and audit existing ArcGIS user accounts and their assigned privileges to identify and correct any over-provisioned access rights.\u003c/li\u003e\n\u003cli\u003eMonitor Esri Portal for ArcGIS logs for unusual account activity or privilege escalations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-esri-privilege-escalation/","summary":"Esri Portal for ArcGIS 11.5 on Windows and Linux is vulnerable to privilege escalation (CVE-2026-33518), allowing highly privileged users to create developer credentials with excessive permissions.","title":"Esri Portal for ArcGIS Privilege Escalation via CVE-2026-33518","url":"https://feed.craftedsignal.io/briefs/2024-01-esri-privilege-escalation/"}],"language":"en","title":"CraftedSignal Threat Feed - Portal for ArcGIS","version":"https://jsonfeed.org/version/1.1"}