CVE-2026-11431 - Vulnerability Details

- Path Traversal in Altium Projects Service Allows Arbitrary File Read

Description

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem.

Because the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.

Published: 2026-06-05

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A path traversal flaw in the Projects Service download endpoint allows an authenticated user to supply a specially crafted path that bypasses validation and read arbitrary files from the server’s file system, including configuration files and credential material. This can expose sensitive data that can be used to further compromise the system or other services. The vulnerability can also be combined with another flaw (CVE‑2026‑11424) to reach cloud‑side endpoints, increasing the potential impact on multi‑tenant deployments.

Affected Systems

The flaw affects Altium 365 and Altium Enterprise Server. Altium Enterprise Server is fixed in version 8.1.1. The issue has been remediated at the service level for Altium 365, but any deployment not yet updated may remain vulnerable.

Risk and Exploitability

With a CVSS score of 8.3 the vulnerability is classified as high severity. EPSS data is not available and the issue is not listed in the CISA KEV catalog, indicating no known widespread exploitation yet. Because the flaw requires authentication, the attack vector is "authenticated user", and the threat is limited to compromised credentials—though exposed configuration could enable cross‑tenant compromise in multi‑tenant Altium 365 setups.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Altium

Altium Enterprise Server

unaffected

Version	Status	Constraints
`0`	affected	< 8.1.1

Altium

Altium 365

affected

Version	Status	Constraints
`unspecified`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Altium Enterprise Server to version 8.1.1 or later, ensuring the patch is applied.
Deploy the Altium 365 service‑level fix to all instances, ensuring the download endpoint no longer allows path traversal.
If a patch cannot be applied immediately, temporarily disable or restrict the Projects Service download endpoint for all users until the fix is in place.

Generated by OpenCVE AI on June 5, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.altium.com/platform/security-compliance/security-advisories

History

Fri, 05 Jun 2026 21:30:00 +0000

Type	Values Removed	Values Added
Description		A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem. Because the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.
Title		Path Traversal in Altium Projects Service Allows Arbitrary File Read
Weaknesses		CWE-200 CWE-22
References		https://www.altium.com/platform/security-compliance/security-advisories
Metrics		cvssV4_0 `{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Altium

Published: 2026-06-05T21:08:05.532Z

Updated: 2026-06-05T21:08:05.532Z

Reserved: 2026-06-05T21:03:16.924Z

Link: CVE-2026-11431

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-05T22:16:47.650

Modified: 2026-06-05T22:16:47.650

Link: CVE-2026-11431

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T23:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object