Impact
A server-side request forgery flaw exists in a GraphQL service shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a URL value that the service uses as the target of an outbound HTTP GET without validating the value or restricting the destination. The server then returns the response body to the requester, so internal services and metadata endpoints that are normally unreachable from the public network can be read through it. The attack vector is limited to HTTP GET requests without custom headers, but the impact is exposure of sensitive system information and reconnaissance of internal infrastructure.
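To make the mechanism concrete, the following is an added example, not Altium's code and not taken from the advisory: a fetch function written the way the advisory describes the flaw (the user's URL goes straight into an outbound GET and the body comes back), beside a hardened version that checks the scheme, rejects embedded credentials and localhost, and validates every address the host resolves to before dialling. The function names, the fake DNS table and the fake network are constructed so the example runs offline; a real deployment would use the real resolver and an HTTP client that connects to the validated IP.

```python
"""SSRF guard for a user-supplied fetch URL: vulnerable pattern beside a hardened one.

Added example, not Altium's code. FAKE_DNS and FAKE_NETWORK are constructed
stand-ins so the module runs offline; default_resolve is the real lookup.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Constructed: what the "network" answers, keyed by the IP actually dialled.
FAKE_NETWORK = {
    "169.254.169.254": "constructed: instance metadata, incl. temporary credentials",
    "10.0.0.5": "constructed: internal database admin console",
    "127.0.0.1": "constructed: local service banner",
    "93.184.216.34": "constructed: public web page",
}
# Constructed: DNS answers. The decimal form is what libc resolvers turn into 127.0.0.1.
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "internal-db.corp.example": ["10.0.0.5"],
    "2130706433": ["127.0.0.1"],
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def default_resolve(host: str) -> list[str]:
    """Real resolver: every address the name maps to, A and AAAA alike."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def fake_http_get(url: str, connect_ip: str) -> str:
    """Stand-in for the HTTP client; the body depends on the IP dialled, not the name."""
    return FAKE_NETWORK.get(connect_ip, "constructed: connection refused")


def is_blocked_ip(ip) -> bool:
    """True for any address an outbound fetch made on a user's behalf must not reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # [::ffff:10.0.0.5] is 10.0.0.5 once dialled
    # `not is_global` covers RFC 1918, loopback, link-local (169.254/16, where cloud
    # metadata services live), CGNAT, documentation and reserved ranges.
    return (not ip.is_global) or ip.is_multicast or ip.is_unspecified


def resolve_target(url: str, resolve=default_resolve) -> str:
    """Validate the URL and return the single IP the client is allowed to dial."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if host == "localhost" or host.endswith(".localhost"):
        raise ValueError("localhost not allowed")
    try:
        candidates = [str(ipaddress.ip_address(host))]  # IP literal, v4 or v6
    except ValueError:
        candidates = resolve(host)                       # hostname: check every answer
    if not candidates:
        raise ValueError(f"host does not resolve: {host!r}")
    for addr in candidates:
        if is_blocked_ip(ipaddress.ip_address(addr)):
            raise ValueError(f"{host!r} -> {addr} is not a public address")
    return candidates[0]


def vulnerable_fetch(url: str, resolve=default_resolve) -> str:
    """The pattern the advisory describes: user URL straight into an outbound GET."""
    host = urlparse(url).hostname
    try:
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        ip = resolve(host)[0]
    return fake_http_get(url, ip)


def hardened_fetch(url: str, resolve=default_resolve) -> str:
    """Same operation, but the destination is checked and the checked IP is the one dialled."""
    ip = resolve_target(url, resolve)
    return fake_http_get(url, ip)


def rejects(url: str, resolve=default_resolve) -> bool:
    """True when the hardened path refuses the URL."""
    try:
        hardened_fetch(url, resolve)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for u in ["http://public.example/status", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/", "http://2130706433/",
              "http://internal-db.corp.example/", "http://localhost:8080/admin"]:
        print(f"{u}\n  vulnerable: {vulnerable_fetch(u, fake_resolve)}")
        print(f"  hardened:   {'rejected' if rejects(u, fake_resolve) else hardened_fetch(u, fake_resolve)}")
```

Two points the code makes that a check on the hostname string alone misses: the name is resolved and every answer is tested, so an attacker-controlled DNS record or a numeric host form such as `2130706433` cannot smuggle in a loopback or RFC 1918 address, and the validated IP is the one passed to the client, which closes the window between the check and the connect that DNS rebinding relies on. Redirects must be re-validated the same way by the real HTTP client before it follows them; the stand-in client here does not follow any.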
Affected Systems
Altium Enterprise Server is impacted in all releases prior to version 8.1.1. The Altium 365 platform has addressed the issue at the service level, though the specific version range of the affected service is not enumerated in the advisory.
Risk and Exploitability
The vulnerability has a CVSS score of 8.3 (High). No EPSS score is currently available, and the vulnerability is not listed in CISA's KEV catalog. Because the flaw requires authentication, an attacker must first obtain credentials for an authorized user, or already be one; once authenticated, the attacker can map the internal network through the SSRF by probing hosts and ports and reading whatever answers. The restriction to plain GET requests without custom headers narrows the impact rather than easing exploitation: endpoints that require another method, a request body, or a specific header (some cloud metadata services demand one) cannot be reached, while any internal service that answers an unauthenticated GET, including metadata endpoints that do not require a header, is fully readable. Overall, the risk is significant for affected deployments, especially those whose authenticated user base includes external or less trusted parties.
OpenCVE Enrichment