CVE-2026-11429
Published 2026-06-05
Priority: P2 · 72 · critical · 10 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 1.15% (62.7th percentile)
Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any location writable by the service account. Because the file write operation completes before authentication is validated, the vulnerability can be exploited without any credentials, session, or prior knowledge of the system.
An unauthenticated network attacker can use this primitive to place executable content in directories where it is later executed by the service, resulting in remote code execution under the Vault Service account. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 (commercial and government cloud) at the service level.
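The two defects described above, a user-supplied filename joined into the destination path without validation and the write happening before authentication, shown with the corresponding checks in place. This is an added defensive illustration in Python, not Altium's code; `safe_destination`, `handle_upload` and the `is_authenticated` flag are hypothetical stand-ins for the real service's handler and session check.

```python
# Added illustration (not Altium code). Models an upload handler that
# (1) treats the user-supplied filename as exactly one path component and
# (2) authenticates before touching the filesystem.
from pathlib import Path, PurePosixPath, PureWindowsPath


class UploadRejected(Exception):
    """Raised when an upload must not be written."""


def safe_destination(base_dir: str, user_filename: str) -> Path:
    """Return an absolute path for user_filename that lies directly inside
    base_dir, or raise UploadRejected.

    Separators of either flavour, drive/absolute prefixes and '.'/'..' are
    rejected up front; the resolved result is then compared with the resolved
    base as a second line of defence (covers symlinks inside the upload root).
    """
    if not user_filename or user_filename != user_filename.strip():
        raise UploadRejected("empty or padded filename")
    if "\x00" in user_filename:
        raise UploadRejected("NUL byte in filename")
    # The service may run on Windows or Linux hosts, so check both conventions.
    for pure in (PurePosixPath(user_filename), PureWindowsPath(user_filename)):
        if pure.is_absolute() or len(pure.parts) != 1 or pure.name in (".", ".."):
            raise UploadRejected(f"not a single path component: {user_filename!r}")
    base = Path(base_dir).resolve()
    candidate = (base / user_filename).resolve()
    if candidate.parent != base:
        raise UploadRejected(f"destination escapes upload root: {candidate}")
    return candidate


def handle_upload(is_authenticated: bool, base_dir: str,
                  user_filename: str, data: bytes) -> Path:
    """Hardened ordering: authenticate, validate the path, then write.
    is_authenticated stands in for the real session/token check (hypothetical)."""
    if not is_authenticated:
        raise PermissionError("authentication required before any write")
    dest = safe_destination(base_dir, user_filename)  # validate before writing
    dest.write_bytes(data)
    return dest
```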
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| altium | altium_365 | — | — |
| altium | altium_enterprise_server | < 8.1.1 | 8.1.1 |
GHSA (ghsa_unreviewed · 2026-06-06)
CVE-2026-11429 [CRITICAL] CWE-22: A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365.
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.
This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the s
VulDB (vuldb · 2026-06-06 · CVSS 9.4)
CVE-2026-11429 [CRITICAL] Altium Enterprise Server/365 up to 8.1.0 Git Service path traversal
A vulnerability was found in Altium Enterprise Server and 365 up to 8.1.0 and classified as critical. This issue affects some unknown processing of the component Git Service. The manipulation results in path traversal.
This vulnerability was named CVE-2026-11429. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.