CRITICAL🇵🇱 Wersja polska

CVE-2026-11429

CVSS 10.0v4.0pub. 2026-06-05upd. 2026-06-09

Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any location writable by the service account. Because the file write operation completes before authentication is validated, the vulnerability can be exploited without any credentials, session, or prior knowledge of the system. An unauthenticated network attacker can use this primitive to place executable content in directories where it is later executed by the service, resulting in remote code execution under the Vault Service account. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 (commercial and government cloud) at the service level.

🤖 AI Analysis
How it works

Endpoints accepting file uploads use the filename supplied by the user to construct the target write path without any validation – a classic path traversal (CWE-22). The key element is the order of operations: file write occurs before authentication verification (CWE-306), meaning the attacker does not need to possess any credentials, session, or system knowledge. By placing an executable file in a directory from which the Vault Service later executes it, the attacker causes remote code execution.

Impact

An unauthenticated network attacker can achieve remote code execution (RCE) in the context of the Vault Service account, which may lead to complete takeover of the server and associated systems.

Mitigation & patch

Altium Enterprise Server should be updated to version 8.1.1 or later. For Altium 365 (commercial and government cloud), the fix has been implemented by the vendor at the service level – no user action is required. Details are available in the vendor's references: https://www.altium.com/platform/security-compliance/security-advisories

Who is affected

Altium Enterprise Server in versions before 8.1.1; Altium 365 (commercial and government cloud) – vulnerability patched at the service level by the vendor

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References