CVE-2026-9129
Path Traversal in Altium Enterprise Server Viewer

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: Altium

Description
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path (such as an encoded drive letter) in a Viewer storage API request, causing the configured storage root to be discarded and allowing arbitrary files to be read from the server filesystem. Because the readable files include the server's master configuration, which stores database credentials, signing key locations, certificate passwords, and OAuth secrets, exploitation can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected, as they use object storage and do not enable this component.
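The root-discarding join the description refers to, shown beside a resolver that keeps every request under the storage root, as an added illustration that is not Altium's code. The StorageController internals are not public, so modelling the bug as a path join is an assumption drawn from the advisory text; STORAGE_ROOT and the sample paths are constructed, and ntpath is used so the drive-letter case behaves the same on any platform.

```python
"""Storage-root path resolution: the naive join that drops the root versus a
resolver that keeps every decoded route parameter under the configured root.

Added illustration, not Altium's code. The StorageController internals are
not public, so modelling the bug as a path join is an assumption based on the
advisory text. ntpath is used so the Windows drive-letter case behaves the
same on any platform; STORAGE_ROOT and the sample paths are constructed."""
import ntpath
from urllib.parse import unquote

STORAGE_ROOT = r"D:\AltiumData\ViewerStorage"   # constructed example root


def unsafe_resolve(root: str, route_param: str) -> str:
    """Naive join: once the URL-decoded parameter is absolute (a drive
    letter, a UNC prefix), ntpath.join discards `root` entirely."""
    return ntpath.normpath(ntpath.join(root, unquote(route_param)))


class PathOutsideRoot(ValueError):
    """Raised for any request that does not resolve strictly under the root."""


def safe_resolve(root: str, route_param: str) -> str:
    """Decode once, reject absolute or drive-qualified input, normalise, and
    confirm containment before the path is ever opened."""
    decoded = unquote(route_param)
    # A '%' left after one decode means double encoding; NUL truncates paths.
    if "%" in decoded or "\x00" in decoded:
        raise PathOutsideRoot("encoded or control characters in path")
    drive, _ = ntpath.splitdrive(decoded)
    if drive or ntpath.isabs(decoded) or decoded[:1] in ("\\", "/"):
        raise PathOutsideRoot("absolute or drive-qualified path rejected")
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, decoded))
    # commonpath is the containment test; a plain prefix test is bypassable
    # (root "D:\store" also prefixes "D:\store2\...").
    if ntpath.commonpath([root_norm, candidate]) != root_norm:
        raise PathOutsideRoot("path escapes storage root")
    return candidate


def is_allowed(root: str, route_param: str) -> bool:
    """Boolean form of safe_resolve, convenient for logging or tests."""
    try:
        safe_resolve(root, route_param)
        return True
    except PathOutsideRoot:
        return False
```

Logging every PathOutsideRoot rejection together with the authenticated user gives a direct detection signal for attempts against this storage API.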
Meta Information
Generated: 2026-05-21
AI Q&A: 2026-05-20
EPSS Evaluated: N/A
Affected Vendors & Products
One associated CPE:
Vendor: altium
Product: enterprise_server_viewer
Version / Range: *
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a path traversal issue in the Altium Enterprise Server Viewer StorageController. It occurs because the system improperly handles file path route parameters. Specifically, on on-premise deployments using local filesystem storage, an authenticated user can send a URL-encoded absolute path in a Viewer storage API request. This causes the configured storage root directory to be ignored, allowing the user to read arbitrary files from the server's filesystem.

The files that can be read include critical server configuration files containing database credentials, signing key locations, certificate passwords, and OAuth secrets. Exploiting this vulnerability can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected because they use object storage and do not enable this vulnerable component.


How can this vulnerability impact me?

Exploitation of this vulnerability can have severe impacts. An attacker with regular authenticated access can read arbitrary files on the server, including sensitive configuration files that store database credentials, signing keys, certificate passwords, and OAuth secrets.

This can lead to full disclosure of all server secrets, resulting in complete compromise of the server and its data. Such a compromise can allow unauthorized access, data theft, and potentially further attacks on connected systems.

It is important to note that only on-premise deployments using local filesystem storage are affected; cloud deployments using object storage are not vulnerable.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your deployment is not using on-premise local filesystem storage for the Altium Enterprise Server Viewer StorageController component, as cloud deployments are not affected.

Additionally, restrict or review authenticated user access to the Viewer storage API to prevent supplying URL-encoded absolute paths that could bypass storage root restrictions.

Monitor Altium's official security advisories for patches or updates addressing this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an authenticated user to read arbitrary files on the server filesystem, including sensitive server secrets such as database credentials, signing key locations, certificate passwords, and OAuth secrets.

This exposure of sensitive information could lead to a full compromise of the server and its data, which may result in violations of data protection regulations like GDPR and HIPAA that require safeguarding of personal and sensitive data.

However, the provided information does not explicitly discuss compliance impacts or mention specific standards or regulations.

