CVE-2026-11414
Status: Awaiting Analysis - Queue
Hard-Coded Key and Path Traversal in Altium Enterprise Server

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: Altium

Description
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials. A separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted in practice, as file storage uses object storage rather than the local filesystem.
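The two weaknesses in the description, a signing key that is the same on every installation (CWE-798) and a download path that is not confined to the storage root (CWE-22), are illustrated in the added Python example below. This is not Altium's code and does not reflect how Altium Enterprise Server builds or checks its download URLs; it assumes a simple HMAC-SHA256 signed query string, hypothetical function names (sign_download, verify_download, resolve_in_root) and constructed inputs. It contrasts the weak pattern (a constant key, under which a URL signed on one server verifies on every other) with a random per-installation key and an expiry, and shows a realpath-based confinement check that rejects both relative traversal and absolute paths.

```python
"""Added example, not Altium code: HMAC-signed download URLs with a
per-installation key, plus a storage-root confinement check.
Function names and the URL format are hypothetical."""
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Weak pattern (CWE-798): a key baked into the code is shared by every
# deployment, so a signature minted anywhere is accepted everywhere.
# Constructed value, shown only to contrast with the fix.
HARD_CODED_KEY = b"constructed-example-key-do-not-use"


def new_install_key() -> bytes:
    """Hardened pattern: a random key generated once per installation at
    setup time and stored in protected configuration, not in the code."""
    return secrets.token_bytes(32)


def _mac(key: bytes, rel_path: str, expires: int) -> str:
    # Bind the signature to both the path and the expiry time.
    msg = f"{rel_path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_download(key: bytes, rel_path: str, expires: int) -> str:
    """Build the query string 'path=...&exp=...&sig=...' for a download URL."""
    sig = _mac(key, rel_path, expires)
    return urlencode({"path": rel_path, "exp": str(expires), "sig": sig})


def verify_download(key: bytes, query: str, now: int) -> Optional[str]:
    """Return the relative path if the signature is valid and unexpired,
    otherwise None. Uses a constant-time comparison."""
    q = parse_qs(query)
    try:
        rel_path, expires, sig = q["path"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, IndexError, ValueError):
        return None
    if now > expires:
        return None
    if not hmac.compare_digest(sig, _mac(key, rel_path, expires)):
        return None
    return rel_path


def resolve_in_root(storage_root: str, rel_path: str) -> Optional[str]:
    """Confine rel_path beneath storage_root (CWE-22 check). Resolves
    '..' segments and symlinks first, then requires the result to share
    the root as a path prefix; returns None when the path escapes."""
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Exercise the checks on constructed inputs and return the outcomes."""
    now = 1_700_000_000
    exp = now + 300
    install_a, install_b = new_install_key(), new_install_key()
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "vault"))
        with open(os.path.join(root, "vault", "board.PcbDoc"), "w") as f:
            f.write("constructed sample content")
        # With the shared constant key, a URL signed for one server
        # verifies on any other server running the same code.
        shared_q = sign_download(HARD_CODED_KEY, "vault/board.PcbDoc", exp)
        # With per-installation keys, a URL signed for A is rejected by B.
        a_q = sign_download(install_a, "vault/board.PcbDoc", exp)
        return {
            "shared_key_accepted_elsewhere":
                verify_download(HARD_CODED_KEY, shared_q, now) is not None,
            "per_install_accepted_on_a":
                verify_download(install_a, a_q, now) is not None,
            "per_install_rejected_on_b":
                verify_download(install_b, a_q, now) is None,
            "expired_rejected":
                verify_download(install_a, a_q, exp + 1) is None,
            "in_root": resolve_in_root(root, "vault/board.PcbDoc") is not None,
            "traversal_rejected": resolve_in_root(root, "../../etc/passwd") is None,
            "absolute_rejected": resolve_in_root(root, "/etc/passwd") is None,
        }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The two checks are independent and both are needed: a valid signature must not be treated as proof that the path is safe, and a path inside the root must still carry a valid, unexpired signature from this installation's own key. Rotating the per-installation key invalidates every outstanding URL, which is the intended recovery step if a key is ever exposed.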
Meta Information
Generated: 2026-06-06
AI Q&A: 2026-06-06
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)
Vendor   Product            Version / Range
altium   enterprise_server  * (all versions)
altium   365                * (all versions)
CWE
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthenticated attackers to access and retrieve sensitive files and server configuration data without any authentication. This exposure of sensitive information could lead to violations of data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive data.

Because the vulnerability enables unauthorized access to potentially sensitive data and server keys, it undermines the confidentiality and integrity requirements mandated by these standards.


Can you explain this vulnerability to me?

This vulnerability involves a hard-coded cryptographic key used by Altium Enterprise Server to sign file download URLs in its Vault service. Since the key is the same across all installations, an unauthenticated attacker who can access the server over the network can forge valid download signatures. This allows the attacker to retrieve files from the Vault storage without needing any authentication, session, or credentials.

Additionally, there is a separate path traversal vulnerability in the same download endpoint that lets an attacker escape the configured storage root directory. This enables reading arbitrary files on the server's filesystem. When combined, these vulnerabilities allow an unauthenticated attacker to obtain sensitive server configuration and key material, potentially leading to full server compromise.

It is important to note that Altium 365 cloud deployments are not practically impacted because they use object storage instead of the local filesystem.


How can this vulnerability impact me?

The vulnerability can have severe impacts including unauthorized access to files stored in the Vault service without any authentication. An attacker can forge download signatures to retrieve sensitive files.

Through the path traversal flaw, attackers can read arbitrary files on the server filesystem, which may include sensitive server configuration and cryptographic key material.

These combined issues can lead to a full compromise of the server, exposing confidential data and potentially allowing further malicious actions.

