CVE-2026-11419: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Altium Altium Enterprise Server
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded, allowing arbitrary files to be written to any location on the server filesystem writable by the service account. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, this can be escalated to remote code execution, service takeover, or denial of service. Altium 365 cloud deployments are not affected, as the affected endpoint is not reachable and the cloud storage architecture mitigates the file-write primitive.
AI Analysis
Technical Summary
This vulnerability arises from improper validation of user-controlled path components in image upload requests handled by the Altium Enterprise Server Vault Service UploadController. An authenticated attacker can exploit this flaw by providing an absolute path that discards the intended storage root restriction, allowing arbitrary files to be written anywhere on the server filesystem where the service account has write permissions. Because these files can be placed in web-accessible directories or overwrite critical application binaries or configuration files, the vulnerability can escalate to remote code execution, service takeover, or denial of service. The issue does not affect Altium 365 cloud deployments, as the vulnerable endpoint is not reachable and the cloud storage architecture prevents exploitation of this file-write capability.
Potential Impact
An authenticated user can write arbitrary files to any writable location on the server filesystem, potentially leading to remote code execution, full service takeover, or denial of service. This can compromise the confidentiality, integrity, and availability of the affected server. Altium 365 cloud deployments are not impacted by this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently documented, users should monitor Altium's advisories for updates. Altium 365 cloud deployments are not affected, so no action is required for those environments.
CVE-2026-11419: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Altium Altium Enterprise Server
Description
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded, allowing arbitrary files to be written to any location on the server filesystem writable by the service account. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, this can be escalated to remote code execution, service takeover, or denial of service. Altium 365 cloud deployments are not affected, as the affected endpoint is not reachable and the cloud storage architecture mitigates the file-write primitive.
CVSS v4.0
Score 9.4critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper validation of user-controlled path components in image upload requests handled by the Altium Enterprise Server Vault Service UploadController. An authenticated attacker can exploit this flaw by providing an absolute path that discards the intended storage root restriction, allowing arbitrary files to be written anywhere on the server filesystem where the service account has write permissions. Because these files can be placed in web-accessible directories or overwrite critical application binaries or configuration files, the vulnerability can escalate to remote code execution, service takeover, or denial of service. The issue does not affect Altium 365 cloud deployments, as the vulnerable endpoint is not reachable and the cloud storage architecture prevents exploitation of this file-write capability.
Potential Impact
An authenticated user can write arbitrary files to any writable location on the server filesystem, potentially leading to remote code execution, full service takeover, or denial of service. This can compromise the confidentiality, integrity, and availability of the affected server. Altium 365 cloud deployments are not impacted by this vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently documented, users should monitor Altium's advisories for updates. Altium 365 cloud deployments are not affected, so no action is required for those environments.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Altium
- Date Reserved
- 2026-06-05T19:46:20.496Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a232f23e29bf47b50ba9e1f
Added to database: 6/5/2026, 8:18:43 PM
Last enriched: 6/5/2026, 8:34:01 PM
Last updated: 6/5/2026, 9:22:22 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.