Altium Enterprise Server uses a hard-coded cryptographic key for signing file download URLs in its Vault service, which is uniform across all installations. This allows unauthenticated attackers with network access to forge download signatures and access files without credentials. A separate path traversal vulnerability in the download endpoint allows escaping the configured storage root to read arbitrary server files. The combination of these issues can expose sensitive server configuration and key material, risking full server compromise. This vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted because they use object storage instead of local filesystem storage.

An unauthenticated network attacker can exploit the hard-coded cryptographic key to forge valid download signatures and retrieve files from the Vault service without any authentication. The path traversal vulnerability further allows reading arbitrary files on the server filesystem. Together, these vulnerabilities can expose sensitive server configuration and cryptographic key material, which may lead to full compromise of the server. The vulnerability has a CVSS 4.0 score of 10.0, indicating critical severity. Altium 365 cloud deployments are not affected in practice.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been indicated in the available data. Until a patch is available, restrict network access to the Altium Enterprise Server to trusted users only to reduce exposure. Monitor vendor communications for updates on remediation.