Skip to main content

Altium Enterprise Server

7 CVEs product

Monthly

CVE-2026-11431 HIGH PATCH This Week

Authenticated path traversal in Altium Enterprise Server (before 8.1.1) and Altium 365 lets a low-privileged user read arbitrary files - including service configuration and credential material - via a crafted path parameter to the Projects Service download endpoint. No public exploit is identified at time of analysis, but the flaw is chainable with CVE-2026-11424 to reach the cloud-side endpoint, and on multi-tenant Altium 365 deployments the leaked credentials could be shared across services, sharply amplifying blast radius.

Path Traversal Altium Enterprise Server Altium 365
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-11429 CRITICAL PATCH Act Now

Remote code execution in Altium Enterprise Server (versions prior to 8.1.1) and Altium 365 arises from a path traversal flaw in the shared Git Service component, which processes post-clone file-manipulation operations using user-supplied paths without validation. An authenticated user with basic git permissions can move arbitrary files outside the repository area, drop attacker-controlled scripts into directories the service later executes, and on multi-tenant Altium 365 infrastructure could have reached data belonging to other tenants on the same node. No public exploit identified at time of analysis, and EPSS sits at 0.44% (63rd percentile).

Path Traversal RCE Altium Enterprise Server Altium 365
NVD VulDB
CVSS 4.0
10.0
EPSS
0.4%
CVE-2026-11424 HIGH PATCH This Week

Server-side request forgery in the shared GraphQL service of Altium Enterprise Server (prior to 8.1.1) and Altium 365 allows authenticated users to coerce the server into issuing arbitrary outbound HTTP GET requests and receiving the response body. The flaw enables reconnaissance of internal services and cloud metadata endpoints not reachable from the public network. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure SSRF Altium Enterprise Server Altium 365
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-11423 CRITICAL PATCH Act Now

Arbitrary file read in Altium Enterprise Server Collaboration Service (versions prior to 8.1.1) allows an authenticated low-privileged user to traverse the server filesystem via crafted filenames in MCAD and Simulation download flows. Because retrievable files include the master configuration holding privileged credentials, the bug escalates to full administrative takeover of the on-premises server. No public exploit identified at time of analysis, and Altium 365 cloud tenants are explicitly out of scope.

Path Traversal Altium Enterprise Server
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-11414 CRITICAL PATCH Act Now

Unauthenticated file disclosure and arbitrary file read in Altium Enterprise Server prior to 8.1.1 allows any network-reachable attacker to forge signed Vault download URLs using a hard-coded key shipped identically across all installations. Chained with a co-located path traversal in the same download endpoint (and optionally CVE-2026-9152 for enumeration), an attacker can read arbitrary server-side files including configuration and key material, leading to full server compromise. No public exploit identified at time of analysis; CVSS 4.0 score is 10.0 and Altium 365 SaaS is not affected because cloud deployments use object storage rather than the local filesystem.

Authentication Bypass Path Traversal Hashicorp Altium Enterprise Server
NVD VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-9129 CRITICAL PATCH Act Now

Arbitrary file read in Altium Enterprise Server on-premise deployments allows any authenticated low-privilege user to escape the configured storage root via URL-encoded absolute paths in the Viewer StorageController API, exposing the master configuration containing database credentials, signing keys, certificate passwords, and OAuth secrets. The CVSS 4.0 base score of 9.4 reflects scope change to confidential information enabling full server takeover; no public exploit identified at time of analysis, but the vendor (Altium) has released a fix and cloud-hosted tenants are unaffected because they do not use the local filesystem storage component.

Path Traversal Altium Enterprise Server
NVD
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-9102 CRITICAL PATCH Act Now

Arbitrary file write in Altium Enterprise Server ComparisonService allows authenticated workspace users to escape the temporary upload directory and plant files anywhere on the host filesystem via crafted multipart Content-Disposition headers in the Gerber upload APIs. The flaw (CVSS 4.0 score 9.4, CWE-22) escalates to remote code execution by dropping payloads into web-accessible paths or overwriting service binaries, and a vendor patch is available. No public exploit identified at time of analysis.

Denial Of Service Path Traversal File Upload RCE Altium Enterprise Server
NVD
CVSS 4.0
9.4
EPSS
0.5%
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Authenticated path traversal in Altium Enterprise Server (before 8.1.1) and Altium 365 lets a low-privileged user read arbitrary files - including service configuration and credential material - via a crafted path parameter to the Projects Service download endpoint. No public exploit is identified at time of analysis, but the flaw is chainable with CVE-2026-11424 to reach the cloud-side endpoint, and on multi-tenant Altium 365 deployments the leaked credentials could be shared across services, sharply amplifying blast radius.

Path Traversal Altium Enterprise Server Altium 365
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Altium Enterprise Server (versions prior to 8.1.1) and Altium 365 arises from a path traversal flaw in the shared Git Service component, which processes post-clone file-manipulation operations using user-supplied paths without validation. An authenticated user with basic git permissions can move arbitrary files outside the repository area, drop attacker-controlled scripts into directories the service later executes, and on multi-tenant Altium 365 infrastructure could have reached data belonging to other tenants on the same node. No public exploit identified at time of analysis, and EPSS sits at 0.44% (63rd percentile).

Path Traversal RCE Altium Enterprise Server +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Server-side request forgery in the shared GraphQL service of Altium Enterprise Server (prior to 8.1.1) and Altium 365 allows authenticated users to coerce the server into issuing arbitrary outbound HTTP GET requests and receiving the response body. The flaw enables reconnaissance of internal services and cloud metadata endpoints not reachable from the public network. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure SSRF Altium Enterprise Server +1
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Arbitrary file read in Altium Enterprise Server Collaboration Service (versions prior to 8.1.1) allows an authenticated low-privileged user to traverse the server filesystem via crafted filenames in MCAD and Simulation download flows. Because retrievable files include the master configuration holding privileged credentials, the bug escalates to full administrative takeover of the on-premises server. No public exploit identified at time of analysis, and Altium 365 cloud tenants are explicitly out of scope.

Path Traversal Altium Enterprise Server
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated file disclosure and arbitrary file read in Altium Enterprise Server prior to 8.1.1 allows any network-reachable attacker to forge signed Vault download URLs using a hard-coded key shipped identically across all installations. Chained with a co-located path traversal in the same download endpoint (and optionally CVE-2026-9152 for enumeration), an attacker can read arbitrary server-side files including configuration and key material, leading to full server compromise. No public exploit identified at time of analysis; CVSS 4.0 score is 10.0 and Altium 365 SaaS is not affected because cloud deployments use object storage rather than the local filesystem.

Authentication Bypass Path Traversal Hashicorp +1
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Arbitrary file read in Altium Enterprise Server on-premise deployments allows any authenticated low-privilege user to escape the configured storage root via URL-encoded absolute paths in the Viewer StorageController API, exposing the master configuration containing database credentials, signing keys, certificate passwords, and OAuth secrets. The CVSS 4.0 base score of 9.4 reflects scope change to confidential information enabling full server takeover; no public exploit identified at time of analysis, but the vendor (Altium) has released a fix and cloud-hosted tenants are unaffected because they do not use the local filesystem storage component.

Path Traversal Altium Enterprise Server
NVD
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Arbitrary file write in Altium Enterprise Server ComparisonService allows authenticated workspace users to escape the temporary upload directory and plant files anywhere on the host filesystem via crafted multipart Content-Disposition headers in the Gerber upload APIs. The flaw (CVSS 4.0 score 9.4, CWE-22) escalates to remote code execution by dropping payloads into web-accessible paths or overwriting service binaries, and a vendor patch is available. No public exploit identified at time of analysis.

Denial Of Service Path Traversal File Upload +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy