Esri Security Vulnerabilities (CVEs)
Track 56 security vulnerabilities affecting Esri products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A Cross-Site Scripting (XSS) vulnerability in Esri ArcGIS Pro versions 3.6.0 and earlier allows local attackers to execute arbitrary JavaScript code w...
Jan 26, 2026

A stored cross-site scripting (XSS) vulnerability in Esri ArcGIS Server allows remote unauthenticated attackers to upload malicious files that execute...
Dec 31, 2025

A stored cross-site scripting (XSS) vulnerability in Esri ArcGIS Server allows remote unauthenticated attackers to upload malicious files that execute...
Dec 31, 2025

A stored cross-site scripting (XSS) vulnerability in Esri ArcGIS Server allows remote unauthenticated attackers to upload malicious files that execute...
Dec 31, 2025

A stored cross-site scripting vulnerability in Esri ArcGIS Server allows remote unauthenticated attackers to upload malicious files that execute in vi...
Dec 31, 2025

A stored cross-site scripting vulnerability in Esri ArcGIS Server allows attackers to upload malicious files that execute JavaScript in victims' brows...
Dec 31, 2025

A stored cross-site scripting vulnerability in Esri ArcGIS Server allows attackers to upload malicious files that execute JavaScript in victims' brows...
Dec 31, 2025

ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability where remote attackers can upload arbitrary files. Ho...
Dec 31, 2025

ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability that allows remote attackers to upload arbitrary file...
Dec 31, 2025

A stored cross-site scripting vulnerability in Esri ArcGIS Server allows remote unauthenticated attackers to upload malicious files that execute JavaS...
Dec 31, 2025

An unvalidated redirect vulnerability in Esri Portal for ArcGIS allows attackers to craft malicious URLs that redirect users to arbitrary websites. Th...
Sep 29, 2025

This vulnerability allows remote attackers to create malicious URLs that redirect users to arbitrary websites without validation. It affects unauthent...
Sep 29, 2025

This CVE describes an unvalidated redirect vulnerability in Esri Portal for ArcGIS that allows attackers to craft malicious URLs. When clicked, these ...
Sep 29, 2025

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote authenticated attackers with admi...
Sep 29, 2025

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote authenticated administrators to i...
Sep 29, 2025

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS allows remote authenticated administrators to inject malicious JavaScri...
Sep 29, 2025

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS 11.4 and earlier allows authenticated attackers with high privileges to inject m...
Sep 29, 2025

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS allows remote authenticated administrators to inject malicious JavaScri...
Sep 29, 2025

A stored cross-site scripting vulnerability in ArcGIS HUB and ArcGIS Enterprise Sites allows authenticated users with site creation/editing permission...
Aug 21, 2025

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites allows authenticated attackers with high privileges to inject m...
Aug 21, 2025

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites allows authenticated attackers with high privileges to inject m...
Aug 21, 2025

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites allows authenticated attackers with high privileges to inject m...
Aug 21, 2025

A hardcoded credential vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote unauthenticated attackers to gain administrative ...
Mar 20, 2025

A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows authenticated administrators to access files outside intended dire...
Mar 3, 2025

A SQL injection vulnerability in ArcGIS Server allows authenticated users with advanced application-specific permissions to execute arbitrary SQL comm...
Mar 3, 2025

A stored cross-site scripting vulnerability in ArcGIS Server versions 11.3 and below allows authenticated users with publisher privileges to inject ma...
Mar 3, 2025

A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows remote authenticated attackers with admin privileges to access fil...
Mar 3, 2025

A stored cross-site scripting vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with publisher privileges to injec...
Mar 3, 2025

A local file inclusion vulnerability in ArcGIS Server 11.3 and earlier allows remote unauthenticated attackers to read sensitive configuration files b...
Mar 3, 2025

A stored cross-site scripting (XSS) vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with publisher privileges to...
Mar 3, 2025

A stored cross-site scripting (XSS) vulnerability in ArcGIS Server versions 11.3 and below allows authenticated users with publisher privileges to inj...
Mar 3, 2025

An improper access control vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with low privileges to access secure ...
Mar 3, 2025

A stored cross-site scripting (XSS) vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with publisher privileges to...
Mar 3, 2025

This stored XSS vulnerability in ArcGIS Server allows authenticated attackers with publisher privileges to inject malicious JavaScript into links. Whe...
Mar 3, 2025

A stored cross-site scripting vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with publisher privileges to injec...
Mar 3, 2025

A stored cross-site scripting vulnerability in ArcGIS Server versions 11.3 and below allows authenticated attackers with publisher privileges to injec...
Mar 3, 2025

An untrusted search path vulnerability in Esri ArcGIS Pro allows attackers with local file system write access to plant malicious executables that exe...
Feb 25, 2025

An untrusted search path vulnerability in Esri ArcGIS AllSource versions 1.2 and 1.3 allows attackers with local file system write access to place mal...
Feb 25, 2025

A reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS allows authenticated low-privileged attackers to craft malicious links ...
Oct 4, 2024

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS 11.1 allows attackers to craft malicious links that execute arbitrary J...
Oct 4, 2024

A local file inclusion vulnerability in Esri Portal for ArcGIS allows remote unauthenticated attackers to craft URLs that read internal files, potenti...
Oct 4, 2024

A stored XSS vulnerability in Esri Portal for ArcGIS Enterprise allows authenticated attackers with high privileges to inject malicious JavaScript int...
Oct 4, 2024

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites allows authenticated attackers with high privileges to inject m...
Oct 4, 2024

A reflected cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS allows attackers to craft malicious links that execute arbitrary JavaSc...
Oct 4, 2024

A stored XSS vulnerability in Esri Portal for ArcGIS allows remote authenticated attackers to inject malicious JavaScript via crafted links when movin...
Apr 4, 2024

A cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder allows authenticated low-privileged users to create malicious ...
Apr 4, 2024

An improper authentication vulnerability in Esri Portal for ArcGIS and ArcGIS Enterprise allows authenticated low-privileged attackers to bypass autho...
Apr 4, 2024

This path traversal vulnerability in Esri Portal for ArcGIS allows authenticated attackers to access files outside intended directories, potentially l...
Apr 4, 2024

A stored cross-site scripting vulnerability in Esri ArcGIS Enterprise Sites allows authenticated high-privileged attackers to inject malicious JavaScr...
Jul 21, 2023

A stored XSS vulnerability in Esri Portal for ArcGIS Sites allows authenticated high-privilege attackers to inject malicious JavaScript into site conf...
Jul 21, 2023

Why Monitor Esri Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 56+ known vulnerabilities affecting Esri products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Esri packages in under 60 seconds. No agents required - completely agentless scanning that works across Esri deployments.
Free vulnerability database: Access detailed information about every Esri CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.