{"id":2971291,"date":"2026-06-18T14:58:47","date_gmt":"2026-06-18T21:58:47","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=2971291"},"modified":"2026-07-07T09:31:31","modified_gmt":"2026-07-07T16:31:31","slug":"june-2026-arcgis-security-bulletin","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","title":{"rendered":"June 2026 ArcGIS Security Bulletin"},"author":3911,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[24071,780941],"industry":[],"product":[36571,763582],"class_list":["post-2971291","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-security","tag-ssamlmygp","product-arcgis-enterprise","product-trust-arcgis"],"acf":{"short_description":"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required","flexible_content":[{"acf_fc_layout":"sidebar","content":"<ul>\n<li>ArcGIS Enterprise account recovery configurations are being targeted<\/li>\n<li>Portal for ArcGIS Security 2026 Update 2 Patch remediates this issue<\/li>\n<li>This patch changes how built-in users self-serve password reset workflows<\/li>\n<li>ArcGIS Enterprise Admins:\n<ul>\n<li>Implement SAML or OIDC (preferred)<\/li>\n<li>Work with teams to implement an email server for password reset and other notifications<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<h2><strong>ArcGIS Enterprise Account Recovery Targeted<\/strong><\/h2>\n<p>As organizations around the world have improved the security of application login mechanisms, such as enforcing MFA, attackers have increasingly shifted to exploiting account recovery mechanisms. \u00a0Esri is actively responding to reports that an ArcGIS Enterprise account recovery configuration has been used in targeted attempts against customer environments. Customers using built-in accounts should review and apply the recommendations below as soon as possible.<\/p>\n<p>First, if your ArcGIS Enterprise deployment does not have any built-in accounts enabled, then your system is as safe as the configuration of your organization\u2019s central identity management system account recovery processes. As listed in the <a href=\"https:\/\/downloads.esri.com\/resources\/enterprisegis\/arcgis_enterprise_hardening_guide.pdf\">ArcGIS Enterprise Hardening Guide<\/a> which was recently streamlined, Esri recommends utilizing centralized identity managed accounts \u2013 see control ID IA-B12.<\/p>\n<h3><strong>Remediation:<\/strong><\/h3>\n<p>Esri has released the Portal for ArcGIS Security 2026 Update 2 Patch, which is available <a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2026\/portal-for-arcgis-security-2026-update-2-patch\">here.<\/a><\/p>\n<p><a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2026\/portal-for-arcgis-security-2026-update-2-patch\">This patch<\/a> was released June 23, 2026. We strongly encourage ArcGIS Enterprise customers apply this patch within the next two weeks to minimize risk. This patch resolves Critical and High Severity vulnerabilities in Portal for ArcGIS versions 12.1 and prior and addresses the ArcGIS Enterprise Account Recovery issue. More details are provided later in this bulletin.<\/p>\n<h3><strong>Recommendations:<\/strong><\/h3>\n<p>If your organization need time to apply the <a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2026\/portal-for-arcgis-security-2026-update-2-patch\">patch<\/a> and utilizes <u>any<\/u> built-in application accounts, then we recommend immediately taking the following five easy steps:<\/p>\n<ol>\n<li>Ensure no weak account recovery answers are utilized (AS-B11)<\/li>\n<li>Ensure no common admin names are used for built-in Enterprise accounts (AS-B11)<\/li>\n<li>Ensure Portal PSA and Server IAA accounts are disabled (AS-B2)<\/li>\n<li>Ensure ArcGIS Enterprise service account not assigned admin access (AS-B20)<\/li>\n<li>Run the Security &amp; Privacy Adviser tool (<a href=\"https:\/\/trust.arcgis.com\/\">see ArcGIS Trust Center<\/a>) (IM-B4)<\/li>\n<\/ol>\n<h3><strong>Near-term Recommendations:<\/strong><\/h3>\n<ol>\n<li>Implement SMTP for email validation of account changes (AS-B3)<\/li>\n<li><a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2026\/portal-for-arcgis-security-2026-update-2-patch\">Esri has released a security patch<\/a>\u00a0that further improves the security of the remote user account recovery (Forgot password) workflow, such as requiring SMTP to be enabled for the remote user reset process to work. Esri has always strongly recommended utilizing SMTP for validating accounts via email (AS-B3).\u00a0 Recent cases have made it apparent that SMTP <strong>must<\/strong> be required to securely support the current remote password reset workflow.\u00a0 Customers without SMTP will still be able to:\u00a0 1) Allow administrators to reset the password for any existing built-in user,\u00a0 2) Allow any user to change their own password after logging in.<\/li>\n<\/ol>\n<h3><strong>Long-term Recommendations:<\/strong><\/h3>\n<p>These recommendations are more strategic and require significantly more effort to implement but payoff with a considerably stronger security posture:<\/p>\n<ol>\n<li>Utilize centralized identity providers as primary authentication mechanism (IA-B12)<\/li>\n<li>Require MFA for all admin account logins (IA-B1)<\/li>\n<li>Keep your applications up-to-date with the <a href=\"https:\/\/downloads.esri.com\/resources\/enterprisegis\/arcgis_enterprise_hardening_guide.pdf\">latest hardening guidance<\/a><\/li>\n<li>If unable to keep applications up-to-date consider <a href=\"https:\/\/trust.arcgis.com\/en\/security\/esri-managed-cloud-services.htm\">hosting providers<\/a> or <a href=\"https:\/\/www.arcgis.com\/home\/index.html\">SaaS<\/a><\/li>\n<\/ol>\n<h3><strong>Portal for ArcGIS Security 2026 Update 2 Patch Details:<\/strong><\/h3>\n<p><strong>Cumulative<\/strong> \u2013 This patch is cumulative and does not require that you install any previous Portal for ArcGIS Security patches prior to installing this patch \u2013 Using the Patch Notification Utility can help ease this process. This patch is NOT dependent on other patches to be in place.<\/p>\n<p>Esri has reserved CVE identifiers for two vulnerabilities fixed in this patch.<\/p>\n<p><strong>CVE-2026-13020<\/strong>: A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user\u2019s account by manipulating this mechanism. ArcGIS Administrators should configure an email server with ArcGIS Enterprise to facilitate user self-service password recovery. The ability for an administrator to reset a user\u2019s password remains unchanged.<\/p>\n<ul>\n<li>CWE-640: Weak Password Recovery Mechanism for Forgotten Password<\/li>\n<li>Base CVSSv3.1:\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:H\/RL:O\">8.1<\/a><\/li>\n<li>Temporal CVSSv3.1:\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3-1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:H\/RL:O\/RC:C\/MAC:H\">7.7<\/a><\/li>\n<li>Affected:\u00a0Portal for ArcGIS 12.1 and prior.<\/li>\n<\/ul>\n<p><strong>CVE-2026-13019<\/strong>: Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.<\/p>\n<ul>\n<li>CWE-306:\u00a0Missing Authentication for Critical Function<\/li>\n<li>Base CVSSv3.1:\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\">9.8<\/a><\/li>\n<li>Temporal CVSSv3.1:\u00a0<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3-1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\/E:H\/RL:O\/RC:C\">9.4<\/a><\/li>\n<li>Affected: Portal for ArcGIS 12.1 and prior.<\/li>\n<\/ul>\n<h3><strong>Patch notes:<\/strong><\/h3>\n<p>This patch may potentially be disruptive for some customers.<\/p>\n<p>What will the patch do?<\/p>\n<ul>\n<li><strong>IF the site does NOT have email enabled: <\/strong>Admins will be responsible for resetting user passwords. The &#8220;recovery question&#8221; based mechanism is no longer available.<\/li>\n<li><strong>IF the site DOES have email enabled: <\/strong>Users can reset their own passwords using the email-based process.<\/li>\n<li><strong>Users who use SAML\/OpenID Connect\/LDAP or Windows Users and roles<\/strong>: Will see NO CHANGE.\n<ul>\n<li>Those users are not managed at the ArcGIS Enterprise level \u2013 they are managed at the Identity Provider (IDP) level.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Esri will continue to update this bulletin as additional information becomes available. Check back here for the latest guidance.<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Esri Software Security &amp; Privacy<\/li>\n<\/ul>\n"}],"related_articles":"","show_article_image":false,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2026\/06\/SA-Enterprise1.gif","wide_image":false,"authors":[{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}]},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>June 2026 ArcGIS Security Bulletin<\/title>\n<meta name=\"description\" content=\"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"June 2026 ArcGIS Security Bulletin\" \/>\n<meta property=\"og:description\" content=\"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-07T16:31:31+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\"},\"author\":{\"name\":\"Michael Young\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678\"},\"headline\":\"June 2026 ArcGIS Security Bulletin\",\"datePublished\":\"2026-06-18T21:58:47+00:00\",\"dateModified\":\"2026-07-07T16:31:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\"},\"wordCount\":4,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"Security\",\"SSAMLMYGP\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\",\"name\":\"June 2026 ArcGIS Security Bulletin\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2026-06-18T21:58:47+00:00\",\"dateModified\":\"2026-07-07T16:31:31+00:00\",\"description\":\"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"June 2026 ArcGIS Security Bulletin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678\",\"name\":\"Michael Young\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg\",\"caption\":\"Michael Young\"},\"sameAs\":[\"http:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/myoung1000\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"June 2026 ArcGIS Security Bulletin","description":"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","og_locale":"en_US","og_type":"article","og_title":"June 2026 ArcGIS Security Bulletin","og_description":"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2026-07-07T16:31:31+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin"},"author":{"name":"Michael Young","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678"},"headline":"June 2026 ArcGIS Security Bulletin","datePublished":"2026-06-18T21:58:47+00:00","dateModified":"2026-07-07T16:31:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin"},"wordCount":4,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["Security","SSAMLMYGP"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","name":"June 2026 ArcGIS Security Bulletin","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2026-06-18T21:58:47+00:00","dateModified":"2026-07-07T16:31:31+00:00","description":"ArcGIS Enterprise Account Recovery Targeted - Customer Action Required","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"June 2026 ArcGIS Security Bulletin"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/b1e77881551053100a9cef9dba632678","name":"Michael Young","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg","caption":"Michael Young"},"sameAs":["http:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/myoung1000"}]}},"text_date":"June 18, 2026","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/june-2026-arcgis-security-bulletin","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Trust Center","tag_data":[{"term_id":24071,"name":"Security","slug":"security","term_group":0,"term_taxonomy_id":24071,"taxonomy":"post_tag","description":"","parent":0,"count":128,"filter":"raw"},{"term_id":780941,"name":"SSAMLMYGP","slug":"ssamlmygp","term_group":0,"term_taxonomy_id":780941,"taxonomy":"post_tag","description":"","parent":0,"count":5,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":441,"filter":"raw"}],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":1009,"filter":"raw"},{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":91,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=trust-arcgis","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2971291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/3911"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=2971291"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2971291\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=2971291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=2971291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=2971291"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=2971291"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=2971291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}