Description
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.

This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.
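The root cause described above is a file-move operation that trusts user-supplied source and destination paths. The following is an added illustration of the containment check such an operation needs; it is example code written for this page, not Altium's Git Service code, and the helper names (`resolve_inside`, `safe_move`, `demo`) and the temporary directory layout are constructed assumptions. It resolves each path against the repository root and refuses anything that lands outside it, covering `..` segments, absolute paths, and symlinks that point out of the repository.

```python
import os
import tempfile
from pathlib import Path


def resolve_inside(repo_root, user_path: str) -> Path:
    """Return the absolute path for user_path only if it stays inside repo_root.

    Hypothetical helper (not Altium's code). Raises ValueError for any path
    that would escape the repository root.
    """
    root = Path(repo_root).resolve(strict=True)
    # An absolute user path would replace the root entirely when joined, so reject it up front.
    if os.path.isabs(user_path):
        raise ValueError(f"absolute path rejected: {user_path!r}")
    # resolve() collapses '..' segments and follows symlinks, so the check below
    # is made on the real filesystem location, not on the string as supplied.
    candidate = (root / user_path).resolve(strict=False)
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"path escapes repository root: {user_path!r}") from None
    if candidate == root:
        raise ValueError("repository root itself is not a valid file target")
    return candidate


def safe_move(repo_root, src: str, dst: str) -> Path:
    """Move src to dst, both interpreted relative to repo_root and both validated."""
    s = resolve_inside(repo_root, src)
    d = resolve_inside(repo_root, dst)
    d.parent.mkdir(parents=True, exist_ok=True)  # d is inside root, so its parent is too
    os.replace(s, d)
    return d


def demo() -> dict:
    """Constructed sample layout: a repo root with one file and a symlink pointing outside it."""
    base = Path(tempfile.mkdtemp())
    repo = base / "repos" / "tenant-a" / "proj.git"
    repo.mkdir(parents=True)
    (repo / "docs").mkdir()
    (repo / "notes.txt").write_text("hello")
    (base / "outside.txt").write_text("not part of the repository")
    symlink_ok = True
    try:
        (repo / "escape").symlink_to(base)  # link inside the repo pointing outside it
    except OSError:  # symlink creation may be unavailable on some platforms
        symlink_ok = False

    results = {}
    # A legitimate move that stays inside the repository is allowed.
    moved = safe_move(repo, "notes.txt", "docs/notes.txt")
    results["inside"] = moved.relative_to(repo.resolve()).as_posix()

    # Each of these destinations would leave the repository; all must be refused.
    attempts = [
        ("dotdot", "docs/notes.txt", "../../../moved.txt"),
        ("absolute", "docs/notes.txt", str(base / "moved.txt")),
    ]
    if symlink_ok:
        attempts.append(("symlink", "docs/notes.txt", "escape/moved.txt"))
    for label, src, dst in attempts:
        try:
            safe_move(repo, src, dst)
            results[label] = "allowed"
        except ValueError:
            results[label] = "rejected"
    results["file_still_inside"] = (repo / "docs" / "notes.txt").is_file()
    return results


if __name__ == "__main__":
    print(demo())
```

The check is made on the resolved path rather than on the supplied string, which is what defeats the symlink case: a purely lexical filter for `..` would accept `escape/moved.txt` even though it writes outside the repository.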
Published: 2026-06-05
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in the Git Service component allows an authenticated user with basic git rights to supply file paths that escape the intended repository boundaries. The attacker can move arbitrary files and place attacker-controlled script content into directories that are later invoked by the service. This provides remote code execution under the Git Service account. In multi-tenant Altium 365 environments, the flaw could also expose data belonging to other tenants on the same node.

Affected Systems

The vulnerability impacts Altium 365 and Altium Enterprise Server. Altium Enterprise Server versions prior to 8.1.1 are affected, as they include the Git Service component that accepts unvalidated paths. Altium 365 has a service-level fix that addresses the same flaw.

Risk and Exploitability

With a CVSS score of 9.4, the vulnerability is considered critical. The EPSS score is unavailable, but the lack of a KEV listing does not diminish the severity. The attack requires authentication and basic git access, yet the ability to execute code is obtained through repository path manipulation. Attackers who can manipulate file move operations can place malicious scripts that are later executed by the service, enabling full control of the Git Service account.

Generated by OpenCVE AI on June 5, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Altium Enterprise Server to version 8.1.1 or later, which contains the fixed Git Service component.
  • Ensure the Altium 365 service is updated to the latest patched version that remediates the path-traversal flaw.
  • Limit git access and file-move permissions to only trusted users, and monitor repository operations for suspicious file movements.


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 21:30:00 +0000

Type          Values Removed    Values Added
Description                     A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area. This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.
Title                           Path Traversal in Altium Git Service Allows Remote Code Execution
Weaknesses                      CWE-22, CWE-94
References
Metrics                         cvssV4_0 {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Altium

Published:

Updated: 2026-06-05T21:01:37.963Z

Reserved: 2026-06-05T20:52:55.972Z

Link: CVE-2026-11429

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T22:16:47.503

Modified: 2026-06-05T22:16:47.503

Link: CVE-2026-11429

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T22:30:06Z

Weaknesses