CNNVD-202601-4360 Information

CNNVD ID

CNNVD-202601-4360

Related CVE

CVE-2026-1446

• CNNVD Published: 2026-01-26

Description (Chinese)

Esri ArcGIS Pro是美国Esri公司的一个地理信息系统软件。 Esri ArcGIS Pro 3.6.0及之前版本存在跨站脚本漏洞，该漏洞源于本地攻击者可注入恶意字符串，可能导致特定对话框打开时执行恶意代码。

Description (English)

Esri ArcGIS Pro is a GIS software for the United States company Esri. Esri ArcGIS Pro 3.6.0 and previous versions had a cross-site script loophole, which stemmed from local assailants who injected a malicious string and could lead to the implementation of a malicious code when a particular dialogue box was opened.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

环境系统研究所

Published

2026-01-26

Last Modified

2026-02-24

References

https://www.esri.com/arcgis-blog/products/arcgis-pro/administration/arcgis-pro-3-6-1-patch https://access.redhat.com/security/cve/cve-2026-1446

Patch

https://support.esri.com/en-us/patches-updates/2026/arcgis-pro-3-6-patch-1-3-6-1-announcement