{"id":2961441,"date":"2026-04-13T10:00:25","date_gmt":"2026-04-13T17:00:25","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=2961441"},"modified":"2026-04-14T18:53:45","modified_gmt":"2026-04-15T01:53:45","slug":"april2026_security_bulletin","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","title":{"rendered":"April 2026 ArcGIS Security Bulletin"},"author":136891,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[43671,24081,759222,24071,780941],"industry":[],"product":[36571,761642,36551,763582],"class_list":["post-2961441","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-administration","tag-ssamymlgp","tag-cve","tag-security","tag-ssamlmygp","product-arcgis-enterprise","product-platform","product-arcgis-online","product-trust-arcgis"],"acf":{"authors":[{"ID":136891,"user_firstname":"Mark","user_lastname":"Bierman","nickname":"Mark Bierman","user_nicename":"mbierman","display_name":"Mark Bierman","user_email":"MBierman@esri.com","user_url":"","user_registered":"2020-12-08 21:10:04","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"short_description":"Esri has released updates to address critical developer credential vulnerabilities in ArcGIS products.","flexible_content":[{"acf_fc_layout":"sidebar","content":"<p><strong>Key highlights<\/strong><\/p>\n<ul>\n<li>Check if your applications\/scripts using developer credentials are fully operational after updates<\/li>\n<li>CISA recommends applying Critical Security patches within 15 days<\/li>\n<li>Patch\/update resets potentially over-scoped developer credentials<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<p>Esri has discovered a security vulnerability with developer credentials affecting ArcGIS Online, ArcGIS Location Platform and ArcGIS Enterprise.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>ArcGIS Online and ArcGIS Location Platform<\/strong><\/h4>\n<p>Both were patched on 4\/13\/26, and only affected customers notified asking them to validate that the update did not affect their applications and scripts using developer credentials.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>ArcGIS Enterprise<\/strong><\/h4>\n<p><strong>UPDATE 4\/14 &#8211; PATCH ISSUE &#8211; Web Tier Authentication deployments will fail when patch applied.\u00a0 Patch downloads have been temporarily disabled and update patch made available soon.<\/strong><\/p>\n<p>Security patch released concurrently on 4\/13\/2026, resolving 2 <strong>critical severity<\/strong> vulnerabilities in Portal for ArcGIS 11.5 and 12.0 &#8211; It should be installed with the highest priority.\u00a0 The patch resets potentially over-scoped developer credentials created by Portal for ArcGIS 11.5 back to expected default permissions.\u00a0 This is not expected to disrupt most customer developer credential use cases, however the patch should be executed during an off-business hour period to minimize potential operational disruption.\u00a0 <em>Uninstalling the patch will NOT undo the permission changes of your developer credentials<\/em>, so please backup your systems as recommended.<\/p>\n<ul>\n<li>See Windows and Linux patch page <a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2026\/portal-for-arcgis-security-2026-update-1-patch\">here<\/a><\/li>\n<li>Kubernetes customers should apply 12.0 Update 3 as described <a href=\"https:\/\/enterprise-k8s.arcgis.com\/en\/latest\/introduction\/release-notes.htm#ESRI_SECTION1_3E42872E67AE413B9DF43A77ABD4E73F\">here<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h4><strong>Mitigation<\/strong><\/h4>\n<p>If your organization does not utilize any developer credentials, including API keys or OAuth 2.0 credentials for application authentication, your system is not vulnerable.\u00a0 If your organization is unable to apply this patch in a timely manner and you currently utilize developer credentials, we recommend <a href=\"https:\/\/developers.arcgis.com\/documentation\/security-and-authentication\/api-key-authentication\/api-key-credentials\/location-platform\/#invalidate-an-api-key\">invalidating the developer credentials<\/a> until the patch can be applied.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Developer Credential Check<\/strong><\/h4>\n<p>Browse to Organization settings \/ Security \/ Developer Credentials.\u00a0 If there are API keys or OAuth 2.0 credentials you have Developer Credentials.<\/p>\n<p>&nbsp;<\/p>\n<h4><b>Troubleshooting<\/b><\/h4>\n<p>If the reset of over-scoped developer credentials disrupts your script or app we recommend the following steps to resolve:<\/p>\n<ol>\n<li>Confirm all developer credentials in use by performing the <b>Developer Credential Check<\/b> above.<\/li>\n<li>Review the associated app or script which is failing and confirm which developer credential is the problem.<\/li>\n<li>Before making changes, we recommend reviewing current developer credential <b>best practices<\/b> listed in this announcement are being followed.<\/li>\n<li><a href=\"https:\/\/enterprise.arcgis.com\/en\/portal\/latest\/administer\/windows\/roles.htm\">Validate the permissions assigned<\/a> to the developer credential and determine any additional script or app permission requirements by passing it as a parameter to the portal&#8217;s self resource.<br \/>\nExample: <em>curl <a href=\"https:\/\/www.arcgis.com\/sharing\/rest\/community\/self?f=pjson&amp;token=[Your_API_Key]\">https:\/\/www.arcgis.com\/sharing\/rest\/community\/self?f=pjson&amp;token=[Your_API_Key]<\/a><\/em><\/li>\n<li>Determine if you can reduce the permission requirements of your app or script and make adjustments to those.<\/li>\n<li>If you have confirmed the elevated permissions are required for the developer credentials, you will need to reissue a new developer credential for your app\/script, confirm your issue is addressed, and then delete the original developer credential.<\/li>\n<li>If you need additional guidance, reach out to our support team for assistance.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h4><strong>Best Practice<\/strong><\/h4>\n<p>Esri and the software industry are moving away from using API keys for protecting sensitive content due to the inherent security risks they present.\u00a0 Esri has recently updated developer credential documentation and posted\/updated the following ArcGIS Trust Center content:<\/p>\n<ul>\n<li><a href=\"https:\/\/downloads.esri.com\/RESOURCES\/ENTERPRISEGIS\/ArcGIS_Enterprise_Hardening_Guide.pdf\">Enterprise Hardening Guidance<\/a><\/li>\n<li><a href=\"https:\/\/content.esri.com\/resources\/enterprisegis\/building_security_into_your_arcgis_system.pdf\">2026 Dev Summit Security Presentation<\/a><\/li>\n<li><a href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/developers\/user-app-or-api-key-authentication\">ArcGIS Developer Credential best practices blog\/video<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n"},{"acf_fc_layout":"content","content":"<h4><strong>ArcGIS Enterprise Vulnerability Details<\/strong><\/h4>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33518\"><em><strong>CVE-2026-33518<\/strong><\/em><\/a><\/p>\n<ul>\n<li><strong>Description<\/strong>: An incorrect privilege assignment vulnerability exists that allows highly privileged users to create developer credentials that may grant more privileges than expected.<\/li>\n<li><strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/266.html\">CWE-266<\/a>:<\/strong> Incorrect Privilege Assignment<\/li>\n<li><strong>Base CVSS 3.1:<\/strong> <a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\">9.8<\/a><\/li>\n<li><strong>Temporal CVSS 3.1:<\/strong>\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:H\/RL:O\/RC:C\">9.4<\/a><\/li>\n<li><strong>Affected:<\/strong> Portal for ArcGIS 11.5<\/li>\n<li style=\"list-style-type: none\"><\/li>\n<\/ul>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-33519\"><em><strong>CVE-2026-33519<\/strong><\/em><\/a><\/p>\n<ul>\n<li><strong>Description:<\/strong> An incorrect authorization vulnerability exists that did not correctly check permissions assigned to developer credentials.<\/li>\n<li><strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/863.html\">CWE-863<\/a>:<\/strong> Incorrect Authorization<\/li>\n<li><strong>Base CVSS 3.1:<\/strong> <a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\">9.8<\/a><\/li>\n<li><strong>Temporal CVSS 3.1:<\/strong>\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:H\/RL:O\/RC:C\">9.4<\/a><\/li>\n<li><strong>Affected:<\/strong> Portal for ArcGIS 11.5, 12.0<\/li>\n<\/ul>\n"}],"related_articles":"","show_article_image":true,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/07\/SA-Portal.gif","wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>April 2026 ArcGIS Security Bulletin<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"April 2026 ArcGIS Security Bulletin\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-15T01:53:45+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\"},\"author\":{\"name\":\"Mark Bierman\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed\"},\"headline\":\"April 2026 ArcGIS Security Bulletin\",\"datePublished\":\"2026-04-13T17:00:25+00:00\",\"dateModified\":\"2026-04-15T01:53:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\"},\"wordCount\":4,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"administration\",\"ArcGIS Trust Center\",\"CVE\",\"Security\",\"SSAMLMYGP\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\",\"name\":\"April 2026 ArcGIS Security Bulletin\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2026-04-13T17:00:25+00:00\",\"dateModified\":\"2026-04-15T01:53:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"April 2026 ArcGIS Security Bulletin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed\",\"name\":\"Mark Bierman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png\",\"caption\":\"Mark Bierman\"},\"url\":\"\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"April 2026 ArcGIS Security Bulletin","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","og_locale":"en_US","og_type":"article","og_title":"April 2026 ArcGIS Security Bulletin","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2026-04-15T01:53:45+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin"},"author":{"name":"Mark Bierman","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed"},"headline":"April 2026 ArcGIS Security Bulletin","datePublished":"2026-04-13T17:00:25+00:00","dateModified":"2026-04-15T01:53:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin"},"wordCount":4,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["administration","ArcGIS Trust Center","CVE","Security","SSAMLMYGP"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","name":"April 2026 ArcGIS Security Bulletin","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2026-04-13T17:00:25+00:00","dateModified":"2026-04-15T01:53:45+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"April 2026 ArcGIS Security Bulletin"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed","name":"Mark Bierman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png","caption":"Mark Bierman"},"url":""}]}},"text_date":"April 13, 2026","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/april2026_security_bulletin","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Trust Center","tag_data":[{"term_id":43671,"name":"administration","slug":"administration","term_group":0,"term_taxonomy_id":43671,"taxonomy":"post_tag","description":"","parent":0,"count":53,"filter":"raw"},{"term_id":24081,"name":"ArcGIS Trust Center","slug":"ssamymlgp","term_group":0,"term_taxonomy_id":24081,"taxonomy":"post_tag","description":"","parent":0,"count":96,"filter":"raw"},{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":32,"filter":"raw"},{"term_id":24071,"name":"Security","slug":"security","term_group":0,"term_taxonomy_id":24071,"taxonomy":"post_tag","description":"","parent":0,"count":126,"filter":"raw"},{"term_id":780941,"name":"SSAMLMYGP","slug":"ssamlmygp","term_group":0,"term_taxonomy_id":780941,"taxonomy":"post_tag","description":"","parent":0,"count":3,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":425,"filter":"raw"}],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":973,"filter":"raw"},{"term_id":761642,"name":"ArcGIS Location Platform","slug":"platform","term_group":0,"term_taxonomy_id":761642,"taxonomy":"product","description":"","parent":36601,"count":214,"filter":"raw"},{"term_id":36551,"name":"ArcGIS Online","slug":"arcgis-online","term_group":0,"term_taxonomy_id":36551,"taxonomy":"product","description":"","parent":0,"count":2425,"filter":"raw"},{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":89,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=trust-arcgis","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2961441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/136891"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=2961441"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2961441\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=2961441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=2961441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=2961441"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=2961441"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=2961441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}