Description
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is later used to construct the download path on the server without validation, allowing arbitrary files to be read from the server filesystem.




Because the readable files include the server's master configuration, which stores credentials for privileged accounts, exploitation can lead to authenticating as a system administrator and gaining full control of the server. Altium 365 cloud deployments are not affected.
Published: 2026-06-05
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in the Altium Enterprise Server Collaboration Service lets an authenticated user embed a malicious filename in a collaboration message. The server later uses this unvalidated name to build a local file path during download, allowing the attacker to read any file on the server. Because the master configuration file, which holds privileged account credentials, is readable through this flaw, the attacker can obtain administrator credentials and gain full control of the server. The weakness originates from improper file path handling (CWE‑22) and inadequate authorization checks (CWE‑269).

Affected Systems

On‑premises installations of Altium Enterprise Server are affected; the cloud‑based Altium 365 deployments are not impacted. The public advisory does not specify exact version numbers, so any instance that has not received the vendor’s fix is potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.4 indicates a high severity vulnerability. No EPSS data is available and the issue is not listed in the CISA KEV catalog, but the lack of such data does not diminish its risk. Exploitation requires a valid authenticated session with the Collaboration Service, making the attack vector internal but nonetheless potent for privileged account compromise.

Generated by OpenCVE AI on June 5, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Altium Enterprise Server security update that validates filenames in the MCAD and Simulation download flows.
  • Restrict the server’s Collaboration Service file access to a read‑only directory that excludes configuration files such as the master configuration.
  • Audit existing collaboration messages for URL‑encoded or otherwise malformed filenames and remove any that could resolve to sensitive server files.

Generated by OpenCVE AI on June 5, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 07 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Altium
Altium enterprise Server
Vendors & Products Altium
Altium enterprise Server

Fri, 05 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is later used to construct the download path on the server without validation, allowing arbitrary files to be read from the server filesystem. Because the readable files include the server's master configuration, which stores credentials for privileged accounts, exploitation can lead to authenticating as a system administrator and gaining full control of the server. Altium 365 cloud deployments are not affected.
Title Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation
Weaknesses CWE-22
CWE-269
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Altium Enterprise Server
cve-icon MITRE

Status: PUBLISHED

Assigner: Altium

Published:

Updated: 2026-06-08T13:10:31.368Z

Reserved: 2026-06-05T20:07:07.335Z

Link: CVE-2026-11423

cve-icon Vulnrichment

Updated: 2026-06-08T13:10:27.675Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-05T21:16:29.353

Modified: 2026-06-08T15:00:38.710

Link: CVE-2026-11423

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T11:15:45Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE-269

    Improper Privilege Management