CVE-2026-9152
Published 2026-05-21 · CVE-2026-9152: A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring…
Priority P2 66 · Critical 10 (CVSS 4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.34% (25.7th percentile)
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's identifier can interact with that workspace's search index, crossing tenant boundaries.
Successful exploitation allows reading a workspace's indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected.
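The tenant-boundary failure described above (CWE-306: the endpoint trusts whatever workspace identifier the caller names, with no session behind it) is easier to reason about next to a minimal handler. The following is an added illustration, not Altium code and not the real SearchService interface: the SOAP operation name, the `urn:example:search` namespace, the in-memory index and the session store are all constructed for the example. It shows a legacy-style handler that serves any workspace's index to anyone, beside a hardened one that first authenticates the session token and then checks the requested workspace against that session's memberships.

```python
"""Illustrative tenant-boundary check for a SOAP-style search endpoint.

Added example, not Altium code. The envelope shape, operation name,
namespace, index contents and session store are constructed assumptions.
"""
from typing import Optional, Tuple
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:search"  # assumed service namespace, not Altium's

# Constructed per-workspace search index: the data an attacker could read or alter.
INDEX = {
    "ws-alpha": [{"type": "component", "name": "RES-0603-10K"}],
    "ws-beta": [{"type": "project", "name": "Gateway-Rev-C"}],
}

# Constructed session store: token -> set of workspaces the caller is a member of.
SESSIONS = {"tok-alice": {"ws-alpha"}}


def parse_request(envelope_xml: str) -> Tuple[str, Optional[str]]:
    """Return (operation, workspaceId) from the first element in the SOAP Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    op = body[0]
    workspace_id = op.findtext(f"{{{SVC_NS}}}workspaceId")
    return op.tag.split("}", 1)[1], workspace_id


def legacy_handle(envelope_xml: str) -> dict:
    """Weak pattern: the workspaceId in the request is the only 'identity' consulted.

    Any network caller who knows or guesses a workspace identifier gets that
    workspace's index entries; nothing ties the request to a tenant.
    """
    op, workspace_id = parse_request(envelope_xml)
    if op == "GetIndex":
        return {"status": 200, "entries": INDEX.get(workspace_id, [])}
    return {"status": 400}


def hardened_handle(envelope_xml: str, session_token: Optional[str]) -> dict:
    """Authenticate first, then authorise the workspace against the session, then act."""
    if session_token is None or session_token not in SESSIONS:
        return {"status": 401}
    op, workspace_id = parse_request(envelope_xml)
    if workspace_id not in SESSIONS[session_token]:
        # Uniform 403 whether the workspace exists or not: no tenant enumeration oracle.
        return {"status": 403}
    if op == "GetIndex":
        return {"status": 200, "entries": INDEX.get(workspace_id, [])}
    return {"status": 400}


def get_index_envelope(workspace_id: str) -> str:
    """Build a GetIndex request; built with ElementTree so the id cannot inject markup."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}GetIndex")
    ET.SubElement(op, f"{{{SVC_NS}}}workspaceId").text = workspace_id
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    req = get_index_envelope("ws-beta")
    print("legacy  :", legacy_handle(req))                    # cross-tenant read succeeds
    print("no token:", hardened_handle(req, None))            # 401
    print("alice   :", hardened_handle(req, "tok-alice"))     # 403, ws-beta not hers
```

The point of the hardened version is the order of checks: identity is established from the session, the workspace is derived from what that identity may touch, and only then is the operation dispatched. The request's own `workspaceId` is an input to the authorisation decision, never a substitute for it.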
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| altium | altium_enterprise_server | < 8.1.1 | 8.1.1 |
| altium | on-prem_enterprise_server | < 8.1.1 | 8.1.1 |
GHSA
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service.
ghsa_unreviewed · 2026-06-05 · CVSS 10.0 · CVE-2026-11414 [CRITICAL] · CWE-22
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials.
A separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored co
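Both halves of the CVE-2026-11414 description above (a signing key identical across installations, and a download endpoint that lets the signed path escape the storage root) are shown side by side below. This is an added illustration, not Altium code: the key name, the storage root `/srv/vault/storage`, the URL-signing format and the sample paths are constructed assumptions. The weak verifier accepts any signature an attacker can compute from the shipped key and serves whatever path that signature covers; the hardened verifier uses a key generated per installation and refuses any path that leaves the root.

```python
"""Illustrative signed-download verifier: hard-coded key vs per-install key,
plus a storage-root containment check against '..' traversal.

Added example, not Altium code. Key material, paths and URL format are assumed.
"""
import hashlib
import hmac
import secrets
from pathlib import PurePosixPath
from typing import Optional

# Weak: the same key ships in every installation, so extracting it once from any
# copy lets an attacker forge download signatures for every deployment.
HARDCODED_KEY = b"vault-download-key"  # constructed placeholder, not a real key
STORAGE_ROOT = PurePosixPath("/srv/vault/storage")  # assumed storage root


def sign(key: bytes, relative_path: str) -> str:
    """HMAC-SHA256 over the requested path; hex-encoded like a URL query parameter."""
    return hmac.new(key, relative_path.encode(), hashlib.sha256).hexdigest()


def weak_authorise(relative_path: str, signature: str) -> Optional[str]:
    """Return the filesystem path to serve, or None if the signature is bad.

    Two flaws: the key is the shared constant, so 'valid' means nothing about who
    signed; and the path is joined without containment, so '..' escapes the root.
    """
    if not hmac.compare_digest(sign(HARDCODED_KEY, relative_path), signature):
        return None
    return str(STORAGE_ROOT / relative_path)  # PurePosixPath keeps '..' verbatim


def resolve_within(root: PurePosixPath, relative_path: str) -> Optional[PurePosixPath]:
    """Lexically normalise relative_path and refuse anything that leaves root."""
    if relative_path.startswith("/"):
        return None  # absolute paths are never a valid relative target
    parts = []
    for part in PurePosixPath(relative_path).parts:
        if part == "..":
            if not parts:
                return None  # would climb above the root
            parts.pop()
        elif part not in ("", "."):
            parts.append(part)
    return root.joinpath(*parts)


class DownloadVerifier:
    """Hardened: per-installation secret and containment check before serving."""

    def __init__(self, root: PurePosixPath, key: Optional[bytes] = None):
        self.root = root
        # Generated at install time and stored outside the code; never a constant.
        self.key = key if key is not None else secrets.token_bytes(32)

    def sign(self, relative_path: str) -> str:
        return sign(self.key, relative_path)

    def authorise(self, relative_path: str, signature: str) -> Optional[str]:
        if not hmac.compare_digest(self.sign(relative_path), signature):
            return None
        target = resolve_within(self.root, relative_path)
        return None if target is None else str(target)


if __name__ == "__main__":
    attacker_path = "../../etc/shadow"
    forged = sign(HARDCODED_KEY, attacker_path)  # attacker pulled the constant from any install
    print("weak    :", weak_authorise(attacker_path, forged))
    verifier = DownloadVerifier(STORAGE_ROOT)
    print("hardened:", verifier.authorise(attacker_path, forged))
    print("legit   :", verifier.authorise("proj/board.PcbDoc", verifier.sign("proj/board.PcbDoc")))
```

Both fixes are needed: a per-install key alone still lets a legitimate user request `../../etc/shadow` with a genuinely signed URL, and containment alone still lets an unauthenticated attacker pull any file under the storage root. The containment check here is lexical; on a real filesystem the served path should additionally be resolved with `os.path.realpath` and compared against the root so symlinks inside the storage area cannot point outside it.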
VulDB
Altium 365 Legacy SOAP Endpoint missing authentication (CNNVD-202605-4662)
vuldb · 2026-05-24 · CVSS 10.0 · CVE-2026-9152 [CRITICAL]
A vulnerability identified as critical has been detected in Altium 365. The affected element is an unknown function of the component Legacy SOAP Endpoint. This manipulation causes missing authentication.
This vulnerability is registered as CVE-2026-9152. Remote exploitation of the attack is possible. No exploit is available.
This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures.
GHSA
GHSA-g63v-r3mf-m22g: A missing authentication vulnerability exists in the Altium 365 SearchService
ghsa_unreviewed · 2026-05-21 · CVE-2026-9152 [CRITICAL] · CWE-306
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2026-05-21