CVE-2026-11420
Path Traversal in Altium Enterprise Server NIS
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Altium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altium | enterprise_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves two path traversal issues in the Network Installation Service (NIS) of Altium Enterprise Server. An unauthenticated attacker can exploit these flaws to write arbitrary files to any writable location on the server's filesystem and read package archive files from the server without needing any authentication or credentials.
Because the attacker can write files to web-accessible directories or overwrite application binaries or configuration files, this can lead to remote code execution under the service account's privileges. Additionally, the attacker can disclose the contents of deployment packages.
It is important to note that Altium 365 cloud deployments are not affected by this vulnerability since the Network Installation Service is not part of the cloud offering.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized file writes and reads on the server, which can lead to remote code execution. An attacker can potentially overwrite critical application binaries or configuration files, compromising the integrity and availability of the system.
The ability to read package archive files can lead to information disclosure, exposing sensitive deployment package contents.
Overall, exploitation can result in full compromise of the affected server, loss of data confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to write arbitrary files and read package archives on the server, potentially leading to remote code execution and disclosure of deployment package contents.
Such unauthorized access and potential data disclosure could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system access.
However, the provided information does not explicitly mention the impact on compliance with these standards.