CVE Catalog

CVE-2026-9129

Critical
Published: Translated: NVD NIST

Summary

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. An authenticated user can supply a URL-encoded absolute path, allowing arbitrary files to be read from the server filesystem.

Risk Assessment

Exploitation of this vulnerability can lead to the disclosure of sensitive information, such as database credentials and OAuth keys, resulting in full compromise of the server and its data.

Recommendation

It is recommended to restrict access to the storage API and to monitor and update server configurations to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path (such as an encoded drive letter) in a Viewer storage API request, causing the configured storage root to be discarded and allowing arbitrary files to be read from the server filesystem. Because the readable files include the server's master configuration, which stores database credentials, signing key locations, certificate passwords, and OAuth secrets, exploitation can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected, as they use object storage and do not enable this component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS