CVE-2026-9102: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Altium Altium Enterprise Server
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory and write arbitrary files to any location on the server filesystem. Because content-controlled files can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-9102) affects Altium Enterprise Server's ComparisonService component. The issue is due to improper limitation of a pathname (CWE-22) and insufficient validation of uploaded file names in the Gerber file upload APIs. Authenticated users can supply specially crafted filenames in the multipart Content-Disposition header to traverse directories outside the designated temporary upload folder. This allows writing arbitrary files anywhere on the server filesystem, including web-accessible directories. The impact includes possible remote code execution, service account compromise, and disruption of service through overwriting critical files.
Potential Impact
An authenticated workspace user can exploit this vulnerability to write arbitrary files on the server, potentially leading to remote code execution under the service account's privileges. This can result in full service takeover, denial of service, or unauthorized modification of application binaries and configuration files. The CVSS 4.0 base score is 9.4, indicating a critical severity with network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, availability, and scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been published at this time. Until a patch is available, restrict access to the Altium Enterprise Server to trusted users only and monitor for suspicious file uploads. Avoid exposing the service to untrusted networks. Follow vendor communications closely for updates on remediation.
CVE-2026-9102: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Altium Altium Enterprise Server
Description
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory and write arbitrary files to any location on the server filesystem. Because content-controlled files can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-9102) affects Altium Enterprise Server's ComparisonService component. The issue is due to improper limitation of a pathname (CWE-22) and insufficient validation of uploaded file names in the Gerber file upload APIs. Authenticated users can supply specially crafted filenames in the multipart Content-Disposition header to traverse directories outside the designated temporary upload folder. This allows writing arbitrary files anywhere on the server filesystem, including web-accessible directories. The impact includes possible remote code execution, service account compromise, and disruption of service through overwriting critical files.
Potential Impact
An authenticated workspace user can exploit this vulnerability to write arbitrary files on the server, potentially leading to remote code execution under the service account's privileges. This can result in full service takeover, denial of service, or unauthorized modification of application binaries and configuration files. The CVSS 4.0 base score is 9.4, indicating a critical severity with network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, availability, and scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been published at this time. Until a patch is available, restrict access to the Altium Enterprise Server to trusted users only and monitor for suspicious file uploads. Avoid exposing the service to untrusted networks. Follow vendor communications closely for updates on remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Altium
- Date Reserved
- 2026-05-20T16:06:24.984Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0e0cd2ba1db473629e7998
Added to database: 5/20/2026, 7:34:42 PM
Last enriched: 5/20/2026, 7:48:49 PM
Last updated: 5/21/2026, 6:11:05 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.