THREATOPS
THREAT OPSThreat News › CVE-2026-9181 | Esri ArcGIS Server Pre-Authentication Path Traversal Vulnerability

CVE-2026-9181 | Esri ArcGIS Server Pre-Authentication Path Traversal Vulnerability

lowhorizon3Published 2026-07-08

<p>CVE-2026-9181 is a critical pre-authentication path traversal vulnerability affecting Esri ArcGIS Server 12.0 and prior. The vulnerability exists in the ArcGIS Server REST Uploads resource, where insufficient validation of crafted path parameters allows an unauthenticated remote attacker to traverse outside the intended directory boundary. Successful exploitation could allow an attacker to acce

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://horizon3.ai/attack-research/vulnerabilities/cve-2026-9181/