Description
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session, or credentials are required.




Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, exploitation can be escalated to remote code execution in the context of the service account, and can disclose deployment package contents. Altium 365 cloud deployments are not affected, as the Network Installation Service is not part of the cloud offering.
Published: 2026-06-05
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Network Installation Service of Altium Enterprise Server and allows an unauthenticated attacker to write arbitrary files to any writable location on the server and to read package archive files. This path traversal flaw can place files in web‑accessible directories, overwrite application binaries or configuration files, and ultimately lead to remote code execution in the context of the service account. The escalation from file write and read to code execution is explicitly noted in the advisory, so the potential impact spans confidentiality, integrity, and availability of the entire server.

Affected Systems

Altium Enterprise Server has been identified as the affected product. No version information is supplied, so any installation of Altium Enterprise Server that includes the Network Installation Service is potentially impacted.

Risk and Exploitability

The CVSS score of 10 is rated Critical, and the vulnerability is exploitable with no authentication, session, or credentials, and no prerequisite beyond network access. The EPSS score is below 1% (Very Low), but the lack of authentication means a network attacker can attempt exploitation with low effort. The vulnerability is not listed in CISA KEV, but the severity and possible RCE path make it a high priority for immediate remediation.

Generated by OpenCVE AI on June 5, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch for Altium Enterprise Server that fixes the Network Installation Service path traversal flaw
  • If a patch is not yet available, disable or block the Network Installation Service to eliminate the attack surface
  • Restrict network access to the server and enforce strict file permissions for web‑accessible directories to mitigate potential write and read abuse


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session, or credentials are required. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, exploitation can be escalated to remote code execution in the context of the service account, and can disclose deployment package contents. Altium 365 cloud deployments are not affected, as the Network Installation Service is not part of the cloud offering.
Title | | Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read
Weaknesses | | CWE-22, CWE-306
References | |
Metrics | | cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}



MITRE

Status: PUBLISHED

Assigner: Altium

Published:

Updated: 2026-06-05T20:29:45.593Z

Reserved: 2026-06-05T19:57:41.002Z

Link: CVE-2026-11420

Vulnrichment

Updated: 2026-06-05T20:29:42.446Z

NVD

Status: Awaiting Analysis

Published: 2026-06-05T20:17:29.350

Modified: 2026-06-05T20:49:52.790

Link: CVE-2026-11420

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T21:45:05Z

Weaknesses