CVE-2026-9102
Path Traversal in Altium Enterprise Server
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Altium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altium | enterprise_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows an attacker to write files to web-accessible directories, which can lead to remote code execution with the privileges of the service account. Additionally, it can be used to overwrite application binaries or configuration files, potentially resulting in service takeover or denial of service.
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in the Altium Enterprise Server ComparisonService. It occurs because the Gerber file upload APIs do not properly sanitize filenames. An authenticated user can craft a filename in the multipart Content-Disposition header that escapes the intended temporary upload directory, allowing them to write arbitrary files anywhere on the server filesystem.