Skip to main content

Altium 365 EUVDEUVD-2026-34918

| CVE-2026-11429 CRITICAL
Path Traversal (CWE-22)
2026-06-05 Altium GHSA-f7c8-3j67-9q8x
10.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
Analysis Updated
Jun 09, 2026 - 17:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 09, 2026 - 17:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 09, 2026 - 17:22 vuln.today
cvss_changed
CVSS changed
Jun 09, 2026 - 17:22 NVD
9.4 (CRITICAL) 10.0 (CRITICAL)
Analysis Generated
Jun 05, 2026 - 23:50 vuln.today
Patch available
Jun 05, 2026 - 23:01 EUVD
CVSS changed
Jun 05, 2026 - 22:22 NVD
9.4 (CRITICAL)
CVE Published
Jun 05, 2026 - 21:01 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.

This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.

AnalysisAI

Remote code execution in Altium Enterprise Server (versions prior to 8.1.1) and Altium 365 arises from a path traversal flaw in the shared Git Service component, which processes post-clone file-manipulation operations using user-supplied paths without validation. An authenticated user with basic git permissions can move arbitrary files outside the repository area, drop attacker-controlled scripts into directories the service later executes, and on multi-tenant Altium 365 infrastructure could have reached data belonging to other tenants on the same node. No public exploit identified at time of analysis, and EPSS sits at 0.44% (63rd percentile).

Technical ContextAI

The vulnerability lives in the Git Service component shared across Altium's cloud (Altium 365, cpe:2.3:a:altium:altium_365) and on-premises (Altium Enterprise Server, cpe:2.3:a:altium:altium_enterprise_server) PCB/EDA collaboration platforms. After a successful git clone, the service runs a sequence of file-manipulation operations whose source and destination paths are taken from user-supplied input and never canonicalized or constrained to the repository root - a textbook CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) condition. Because the Git Service runs as a privileged backend identity and hosts content for many repositories (and, on Altium 365, many tenants), traversal sequences such as '..' segments allow an authenticated client to write files into arbitrary filesystem locations that the service itself later loads or executes.

RemediationAI

On-premises operators should upgrade Altium Enterprise Server to 8.1.1 or later, which is the vendor-released patch and the only fully supported fix. Altium 365 customers are already covered because Altium has remediated the shared Git Service in production, but should still confirm via the advisories portal at https://www.altium.com/platform/security-compliance/security-advisories. If immediate patching of Altium Enterprise Server is not possible, compensating controls include tightly restricting which accounts are granted basic git access to the Enterprise Server (since exploitation requires an authenticated git user per the description), placing the Git Service behind a network segment reachable only by trusted engineering hosts, and enabling filesystem-level auditing on the Git Service account to alert on unexpected writes outside repository storage paths - note these controls reduce but do not eliminate risk from insider abuse or stolen credentials.

Share

EUVD-2026-34918 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy