Skip to main content

On Prem Enterprise Server

6 CVEs product

Monthly

CVE-2026-11420 CRITICAL PATCH Act Now

Unauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise Server enables remote attackers to overwrite binaries or configuration, drop content into web-accessible directories, and exfiltrate package archives - escalating to remote code execution as the service account. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high impact across confidentiality, integrity, availability and scope) reflects a worst-case unauthenticated network primitive. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Path Traversal RCE On Prem Enterprise Server
NVD VulDB
CVSS 4.0
10.0
EPSS
0.7%
CVE-2026-11419 CRITICAL PATCH Act Now

Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Denial Of Service Path Traversal Hashicorp RCE On Prem Enterprise Server
NVD VulDB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-27380 HIGH This Week

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. [CVSS 7.6 HIGH]

RCE XSS On Prem Enterprise Server
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-27379 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. [CVSS 6.8 MEDIUM]

XSS On Prem Enterprise Server
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-27378 HIGH This Week

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. [CVSS 8.6 HIGH]

SQLi On Prem Enterprise Server
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-1010 HIGH This Week

Stored XSS in Altium Workflow Engine allows authenticated users to inject malicious scripts into workflow forms that execute with administrator privileges when viewed. An attacker can exploit this to escalate privileges, create new admin accounts, steal session tokens, and perform arbitrary administrative actions. No patch is currently available for the on-premises enterprise server deployment.

XSS Privilege Escalation On Prem Enterprise Server
NVD
CVSS 3.1
8.0
EPSS
0.0%
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise Server enables remote attackers to overwrite binaries or configuration, drop content into web-accessible directories, and exfiltrate package archives - escalating to remote code execution as the service account. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high impact across confidentiality, integrity, availability and scope) reflects a worst-case unauthenticated network primitive. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Path Traversal RCE On Prem Enterprise Server
NVD VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Denial Of Service Path Traversal Hashicorp +2
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. [CVSS 7.6 HIGH]

RCE XSS On Prem Enterprise Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. [CVSS 6.8 MEDIUM]

XSS On Prem Enterprise Server
NVD
EPSS 0% CVSS 8.6
HIGH This Week

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. [CVSS 8.6 HIGH]

SQLi On Prem Enterprise Server
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Stored XSS in Altium Workflow Engine allows authenticated users to inject malicious scripts into workflow forms that execute with administrator privileges when viewed. An attacker can exploit this to escalate privileges, create new admin accounts, steal session tokens, and perform arbitrary administrative actions. No patch is currently available for the on-premises enterprise server deployment.

XSS Privilege Escalation On Prem Enterprise Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy