THREAT OPS › Threat News › CVE-2026-9181 | Esri ArcGIS Server Pre-Authentication Path Traversal Vulnerability
CVE-2026-9181 | Esri ArcGIS Server Pre-Authentication Path Traversal Vulnerability
<p>CVE-2026-9181 is a critical pre-authentication path traversal vulnerability affecting Esri ArcGIS Server 12.0 and prior. The vulnerability exists in the ArcGIS Server REST Uploads resource, where insufficient validation of crafted path parameters allows an unauthenticated remote attacker to traverse outside the intended directory boundary. Successful exploitation could allow an attacker to acce
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2026-9181cve
Original source: https://horizon3.ai/attack-research/vulnerabilities/cve-2026-9181/