ArcGIS Pro 3.6.1 Patch

By Randall Williams

Esri has released the ArcGIS Pro 3.6.1 Patch, which resolves one medium-severity vulnerability in ArcGIS Pro.

As always, any customer using versions of our software in Mature or Retired status should plan their upgrade to a General Availability release version immediately. Please see our ArcGIS Pro Life Cycle for current GA releases.

This patch was originally released on January 6, 2026, and is available by using the ArcGIS Pro Updater or MyEsri.

We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of an official patch.

  • CVE Details: CVE-2026-1446
  • CWE-74: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
  • Base CVSS 3.1: 4.8
  • Base CVSS 4.0: 4.8
