Skip to main content

Altium Enterprise Server CVE-2026-14439

| EUVDEUVD-2026-41210 CRITICAL
Path Traversal (CWE-22)
2026-07-01 4760f414-e1ae-4ff1-bdad-c7a9c3538b79 GHSA-m97g-7h77-r5pr
9.4
CVSS 4.0 · Vendor: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79
Share

Severity by source

Vendor (4760f414-e1ae-4ff1-bdad-c7a9c3538b79) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

Network-reachable Git Service, low complexity, requires a low-privileged authenticated git user (PR:L), no interaction; scope changed (S:C) since RCE and cross-tenant access affect resources beyond the vulnerable component, with full CIA impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (4760f414-e1ae-4ff1-bdad-c7a9c3538b79).

CVSS VectorVendor: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 02:01 EUVD
Analysis Generated
Jul 01, 2026 - 23:30 vuln.today

DescriptionCVE.org

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.

This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 (commercial and government cloud) at the service level.

AnalysisAI

Privilege-escalating remote code execution in the Git Service shared by Altium Enterprise Server and Altium 365 lets an authenticated user with basic git access abuse post-clone file-manipulation operations to move arbitrary files outside the repository, plant executable script content, and run code as the Git Service account. On multi-tenant Altium 365 cloud nodes this also created a cross-tenant data-exposure path. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate with basic git access
Delivery
Clone target repository
Exploit
Issue post-clone move with traversal path
Install
Plant script in service-executed directory
C2
Service executes attacker content
Execute
RCE as Git Service account
Impact
Access other tenants' data

Vulnerability AssessmentAI

Exploitation Requires an authenticated account with basic git access to the shared Git Service (CVSS PR:L confirms low-privileged authentication is needed - this is not anonymous). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H and subsequent-system SC:H/SI:H/SA:H) is internally consistent with the description: network-reachable, low-complexity, no user interaction, requires only a low-privileged authenticated git user, and yields full impact on both the vulnerable service and downstream systems - the subsequent-system 'high' metrics map directly to the described cross-tenant exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds or phishes a low-privileged Altium account with basic git access clones a repository, then issues crafted post-clone move operations whose target paths contain traversal sequences to relocate an attacker-supplied script into a directory the Git Service later executes. When the service runs that content, the attacker gains code execution under the Git Service account; on a shared Altium 365 node this position can be pivoted to reach other tenants' data. …
Remediation For on-premises deployments, upgrade Altium Enterprise Server to version 8.1.1 (Vendor-released patch: 8.1.1), which contains the fix for the unvalidated post-clone file-move operations. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Altium Enterprise Server and Altium 365 instances; audit Git Service access logs for unauthorized activity; for multi-tenant deployments, assess cross-tenant data exposure scope. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14439 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy