COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-9182

CVE-2026-9182

Severity
medium
Source
NVD · cve
Published
2026-07-06
CVSS
5.3
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-9182
⚡ RCE shame 35/100 rce

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload.

Players implicated

ESRI · vendorMicrosoft · vendorlinux · vendorarcgis server · productlinux kernel · productwindows · product

Description

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload.

Affected FedRAMP products 7 in the catalog

ProductProviderStatusMatch
ArcGIS Online (AGO) ESRI Authorized vendor-exact · 0.90
ArcGIS Online (AGO) Moderate ESRI In Process vendor-exact · 0.90
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Esri Managed Cloud Services Advanced Plus ESRI Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90