These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-9152 is a critical missing-authentication issue in Altium 365's legacy SearchService SOAP endpoint. An unauthenticated network attacker who can reference a target workspace identifier can interact with that workspace's search index without any session token or identity check, creating a cross-tenant exposure. The reported impact is limited to the search index layer, but that still includes sensit [truncated]
CVE-2026-9129 describes a critical path traversal flaw in Altium Enterprise Server Viewer StorageController. On on-premises deployments that use local filesystem storage, a regular authenticated user can submit a URL-encoded absolute path in a Viewer storage API request, causing the configured storage root to be bypassed and enabling arbitrary file reads from the server filesystem. The most concerning imp [truncated]
CVE-2026-9102 is a critical path traversal issue described in the CVE record and NVD entry for Altium Enterprise Server ComparisonService. The flaw stems from missing filename sanitization in Gerber file upload APIs, allowing an authenticated workspace user to supply a crafted filename in the multipart Content-Disposition header and escape the intended temporary upload directory. The result can be arbitra [truncated]