Vendor
An unauthenticated attacker can exploit CVE-2026-9181, a critical directory traversal vulnerability in ArcGIS Server versions 12.0 and prior, by sending crafted path parameters to access sensitive files, leading to unauthorized information disclosure.