The vulnerability arises from improper handling of file path route parameters in the Altium Enterprise Server Viewer StorageController. Specifically, on on-premise deployments with local filesystem storage, an authenticated user can provide a URL-encoded absolute path (e.g., an encoded drive letter) in API requests, which causes the server to ignore the configured storage root directory. This allows the user to read arbitrary files from the server filesystem, including highly sensitive configuration files that store critical secrets. The vulnerability is classified under CWE-22 (Path Traversal) and CWE-200 (Information Exposure). Cloud deployments are not vulnerable due to their use of object storage and the absence of this component.

Successful exploitation allows an authenticated user to read arbitrary files on the server filesystem, including the master configuration file that contains database credentials, signing key locations, certificate passwords, and OAuth secrets. This disclosure can lead to full compromise of the server and its data. The CVSS 4.0 base score is 9.4, indicating critical severity with network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, availability, and security requirements.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, organizations should monitor Altium's advisories for updates. Cloud deployments are not affected and require no action. For on-premise deployments, consider restricting access to the Viewer StorageController API to trusted users only and applying compensating controls such as network segmentation or additional authentication layers until a fix is available.