CVE Catalog

CVE-2026-11419

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path, allowing arbitrary files to be written to any location on the server filesystem writable by the service account.

Risk Assessment

The risk to the organization includes the ability to write files to web-accessible directories, which can lead to remote code execution, service takeover, or denial of service. Altium 365 cloud deployments are not affected as the vulnerable endpoint is not reachable.

Recommendation

It is recommended to review and strengthen path validation in file upload requests and to restrict the service account's write permissions to only necessary locations.

Original NVD description (English source)

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded, allowing arbitrary files to be written to any location on the server filesystem writable by the service account. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, this can be escalated to remote code execution, service takeover, or denial of service. Altium 365 cloud deployments are not affected, as the affected endpoint is not reachable and the cloud storage architecture mitigates the file-write primitive.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS