CVE-2026-11431
Status: Awaiting Analysis (Queue)
Path Traversal in Altium Enterprise Server and Altium 365

Publication date: 2026-06-05

Last updated on: 2026-06-08

Assigner: Altium

Description
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem. Because the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.
Meta Information
Published: 2026-06-05
Last Modified: 2026-06-08
Generated: 2026-06-27
AI Q&A: 2026-06-06
EPSS Evaluated: 2026-06-25
Affected Vendors & Products
2 associated CPEs

Vendor   Product            Version / Range
altium   enterprise_server  8.1.1
altium   365                *
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
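The CWE-22 entry above describes the general weakness: a download endpoint builds a filesystem path from a user-supplied parameter and fails to keep the result under the intended root. The following is an added example written for this page, not Altium's code and not a description of how the Projects Service implements its check. It contrasts a naive string-based check with a canonical containment check, and it refuses directories so the endpoint can never hand back a whole directory as an archive. The project root, file names and the sibling `secrets` directory are constructed fixtures.

```python
"""Added example (not Altium's code): naive vs. hardened path resolution for a
file-download endpoint, illustrating the CWE-22 weakness in the CVE record."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def naive_resolve(base_dir: str, requested: str) -> str:
    """Weak check of the kind CWE-22 warns about: looks only for a literal '..'
    segment, then joins.  os.path.join discards base_dir when `requested` is
    absolute, symlinks are never examined, and directories are accepted."""
    if ".." in requested.split("/"):
        raise PermissionError("traversal rejected")
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> Path:
    """Hardened check: canonicalise both the root and the candidate (following
    symlinks), require the candidate to stay inside the root, and serve only
    regular files so no directory can be returned as an archive."""
    base = Path(base_dir).resolve()
    # pathlib drops `base` if `requested` is absolute; the containment check
    # below catches that case instead of silently trusting the join.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"outside project root: {requested}") from None
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def build_sandbox() -> tuple[str, str]:
    """Constructed fixture: a project root holding one design file, plus a
    sibling 'secrets' directory that must never be reachable through the
    endpoint.  A symlink inside the root points at the secret file."""
    root = tempfile.mkdtemp()
    projects = Path(root, "projects")
    projects.mkdir()
    (projects / "board.PcbDoc").write_text("design data")
    secrets = Path(root, "secrets")
    secrets.mkdir()
    secret_file = secrets / "service.config"
    secret_file.write_text("credential material")
    try:
        os.symlink(secret_file, projects / "link.cfg")
    except OSError:
        pass  # symlinks may be unavailable on some platforms; example still runs
    return str(projects), str(secret_file)


def evaluate(resolver, base_dir: str, requests: list[str]) -> dict[str, str]:
    """Run a resolver over each request and record either 'allowed:<path>' or
    the name of the error raised, so the two strategies can be compared."""
    outcome: dict[str, str] = {}
    for req in requests:
        try:
            outcome[req] = "allowed:" + str(resolver(base_dir, req))
        except (PermissionError, FileNotFoundError) as exc:
            outcome[req] = type(exc).__name__
    return outcome


def demo() -> dict:
    """Compare both resolvers on a legitimate request, a '..' request, an
    absolute path, a symlink escaping the root, and a directory request."""
    projects, secret_file = build_sandbox()
    requests = ["board.PcbDoc", "../secrets/service.config",
                secret_file, "link.cfg", "."]
    return {
        "secret": secret_file,
        "naive": evaluate(naive_resolve, projects, requests),
        "safe": evaluate(safe_resolve, projects, requests),
    }


if __name__ == "__main__":
    for strategy, results in demo().items():
        if strategy != "secret":
            print(strategy)
            for req, result in results.items():
                print(f"  {req!r:45} -> {result}")
```

The naive version rejects the obvious `..` request but still returns the secret file for an absolute path, follows the escaping symlink, and accepts `.` (the whole project directory). The hardened version resolves both sides before comparing, so absolute paths, `..` segments and symlinks all fail the `relative_to` check, and the `is_file` test blocks directory responses. Rejections of this kind are also worth logging: a burst of `PermissionError` results on a download endpoint is a cheap detection signal for traversal probing.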
AI Quick Actions
Executive Summary

This vulnerability is a path traversal issue in the Projects Service download endpoint used by Altium Enterprise Server and Altium 365. An authenticated user can provide a specially crafted path parameter that bypasses normal validation checks, allowing them to read arbitrary files or entire directories from the server's filesystem.

Because the files that can be read include service configuration and credential material, an attacker could gather sensitive information that might enable further compromise of the system.

Additionally, this vulnerability can be combined with another vulnerability (CVE-2026-11424) to reach cloud-side endpoints, and on multi-tenant Altium 365 deployments, it could expose credentials shared across services.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized access to sensitive files on the server, including configuration files and credential material.

This can enable attackers to gather information that facilitates further compromise of the system, potentially leading to data breaches or unauthorized control over services.

In multi-tenant environments, exposed credentials could affect multiple services or tenants, increasing the scope and impact of the attack.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade to the fixed versions of the affected software.

  • For Altium Enterprise Server, upgrade to version 8.1.1 or later.
  • For Altium 365, ensure the service-level remediation has been applied.

Additionally, until the update is applied, restrict authenticated user access to the Projects Service download endpoint to reduce the opportunity for exploitation.

Compliance Impact

This vulnerability allows an authenticated user to read arbitrary files from the server filesystem, including service configuration and credential material. Such unauthorized access to sensitive information could lead to data breaches or unauthorized disclosure of personal or protected data.

Because the vulnerability can expose credentials and configuration data, it may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal data and sensitive information against unauthorized access.

Exploitation of this vulnerability could therefore increase the risk of non-compliance with these regulations due to potential data exposure and insufficient protection of sensitive information.
