PatchSiren

Altium CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Altium CVE published 2026-06-05

CVE-2026-11431

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem. Because the readable files include service configuration and credential mater [truncated]

CRITICAL Altium CVE published 2026-06-05

CVE-2026-11429

CVE-2026-11429 is a critical vulnerability (CVSS Score: 10) affecting Altium Enterprise Server and Altium 365. The vulnerability exists in two endpoints of the Vault Service ScriptsController, which allow file uploads with user-supplied filenames used to construct destination paths without validation. This allows an unauthenticated network attacker to write arbitrary files to any location writable by the [truncated]

HIGH Altium CVE published 2026-06-05

CVE-2026-11424

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation or destination filtering. The response body is then returned to the user.

CRITICAL Altium CVE published 2026-06-05

CVE-2026-11420

CVE-2026-11420 is a critical vulnerability in Altium Enterprise Server's Network Installation Service (NIS). Two path traversal vulnerabilities allow unauthenticated network attackers to write arbitrary files to any writable location on the server filesystem and read package archive files from the server. No authentication, session, or credentials are required for exploitation. The vulnerabilities can be [truncated]

CRITICAL Altium CVE published 2026-06-05

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded, allowing arbitrary files to be written to any location on the server filesystem writable by the service account [truncated]

CRITICAL Altium CVE published 2026-06-05

CVE-2026-11414

CVE-2026-11414 is a critical vulnerability in Altium Enterprise Server. The issue involves a hard-coded cryptographic key used to sign file download URLs in the Vault service. This key is identical across all installations, allowing an unauthenticated network attacker to forge valid download signatures and retrieve files from the Vault storage area without authentication. Additionally, a path traversal vu [truncated]

CRITICAL Altium CVE published 2026-05-21

CVE-2026-9152

CVE-2026-9152 is a critical missing-authentication issue in Altium 365's legacy SearchService SOAP endpoint. An unauthenticated network attacker who can reference a target workspace identifier can interact with that workspace's search index without any session token or identity check, creating a cross-tenant exposure. The reported impact is limited to the search index layer, but that still includes sensit [truncated]

CRITICAL Altium CVE published 2026-05-20

CVE-2026-9129

CVE-2026-9129 describes a critical path traversal flaw in Altium Enterprise Server Viewer StorageController. On on-premises deployments that use local filesystem storage, a regular authenticated user can submit a URL-encoded absolute path in a Viewer storage API request, causing the configured storage root to be bypassed and enabling arbitrary file reads from the server filesystem. The most concerning imp [truncated]

CRITICAL Altium CVE published 2026-05-20

CVE-2026-9102

CVE-2026-9102 is a critical path traversal issue described in the CVE record and NVD entry for Altium Enterprise Server ComparisonService. The flaw stems from missing filename sanitization in Gerber file upload APIs, allowing an authenticated workspace user to supply a crafted filename in the multipart Content-Disposition header and escape the intended temporary upload directory. The result can be arbitra [truncated]