CRITICAL · CVE-2026-11423 · CNA: Altium

CVE-2026-11423: Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is later used to construct the download path on the server without validation, allowing arbitrary files to be read from the server filesystem. Because the readable files include the server's master configuration, which stores credentials for privileged accounts, exploitation can lead to authenticating as a system administrator and gaining full control of the server. Altium 365 cloud deployments are not affected.

Metrics

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: 8.1.1
Affected Products: 1


HarborGuard Analysis

Synopsis

A path traversal vulnerability in the Altium Enterprise Server Collaboration Service allows a regular authenticated user to read arbitrary files from the server filesystem by submitting a crafted filename in a collaboration message used in MCAD or Simulation file download flows. Because the server's master configuration file is readable this way and stores privileged account credentials, an attacker can escalate to full administrator control of the server. A patched-image rebuild at version 8.1.1 is available on HarborGuard for environments running an affected version.
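As an added example (not Altium's code and not part of this record), the following constructed Python model shows the flow the description names, a user-supplied filename joined onto a server-side download directory, beside a hardened version that accepts only a bare basename and confirms the resolved path stays under the download root. DOWNLOAD_ROOT and the sample filenames are assumptions made for the illustration.

```python
"""Added example (not Altium's code): an untrusted filename from a collaboration
message is joined onto a server-side download directory. DOWNLOAD_ROOT and the
sample names are constructed for this illustration."""
from pathlib import Path, PurePosixPath, PureWindowsPath

DOWNLOAD_ROOT = Path("/srv/collab/downloads")  # assumed location, not from the advisory

def vulnerable_download_path(filename: str) -> Path:
    """The pattern the advisory describes: the caller's filename is joined unchecked."""
    return DOWNLOAD_ROOT / filename

def is_confined(path: Path) -> bool:
    """True if `path`, after '..' segments and symlinks are normalised, stays under DOWNLOAD_ROOT."""
    try:
        path.resolve().relative_to(DOWNLOAD_ROOT.resolve())
        return True
    except ValueError:
        return False

def safe_download_path(filename: str) -> Path:
    """Accept only a bare basename, then re-check the joined path as defence in depth."""
    if not filename or filename in (".", "..") or "\0" in filename:
        raise ValueError("empty or reserved filename")
    # Both separator families: on Windows a backslash splits paths, so a POSIX-only
    # check would let '..\\..\\conf' through.
    if "/" in filename or "\\" in filename:
        raise ValueError("path separators are not allowed")
    # Drive-relative names such as 'C:file' carry no separator but still change the root.
    if PurePosixPath(filename).name != filename or PureWindowsPath(filename).name != filename:
        raise ValueError("filename is not a plain basename")
    candidate = DOWNLOAD_ROOT / filename
    if not is_confined(candidate):
        raise ValueError("resolved path escapes the download root")
    return candidate

def screen_filenames(names):
    """Map each candidate filename to 'accepted' or 'rejected' under the safe check."""
    result = {}
    for name in names:
        try:
            safe_download_path(name)
            result[name] = "accepted"
        except ValueError:
            result[name] = "rejected"
    return result

# Constructed inputs: two plausible MCAD/simulation artefacts and several traversal shapes.
SAMPLE_NAMES = ["board_v3.step", "thermal_sim.csv", "../../etc/passwd",
                "..\\..\\conf\\server.cfg", "/etc/shadow", "C:server.cfg", "nested/dir.step"]
```

Running `screen_filenames(SAMPLE_NAMES)` accepts only the two plain basenames, while `is_confined(vulnerable_download_path(name))` shows the unchecked join leaving the root for the traversal and absolute-path inputs.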

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that package Altium Enterprise Server. Any image running a version of Altium Enterprise Server below 8.1.1 is flagged automatically.

Triage: Available

HarborGuard scores this CVE at CVSS 9.4 (Critical) and weights findings against each environment's compliance policy to set their priority and route them to the appropriate team inbox within each customer organization.

Patch: Available

A patched-image rebuild at Altium Enterprise Server 8.1.1 becomes available on HarborGuard once the fix version is confirmed in the upstream advisory. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The Collaboration Service must be reachable over the network; an attacker sends the crafted filename payload via a standard network request to the exposed service endpoint.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient; the attacker does not need elevated or administrative credentials to submit the malicious collaboration message.

  • Victim interaction: Not required

    No victim action is needed; the attacker interacts directly with the server API without requiring any other user to click a link or open a file.

  • Attack complexity: Low (AC:L in the CVSS vector)

    The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or special environmental factors are required to trigger the path traversal.

Blast Radius

  • Reads arbitrary files from the server filesystem, including the master configuration file that stores privileged account credentials.
  • Uses those credentials to authenticate as a system administrator, gaining full administrative control of the Altium Enterprise Server.
  • Modifies server configuration, project data, or collaboration artifacts stored on the instance.
  • Disrupts server availability by abusing administrative access to alter or delete critical service files.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-11423 is active across all customer environments, matching images against the affected version range (Altium Enterprise Server below 8.1.1) from the moment the CVE entered the upstream feed. A patched-image rebuild at version 8.1.1 is available for any environment where an affected image is identified. For customers with auto-remediation enabled, HarborGuard triggers a rebuild at the fixed version, executes a regression run, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is routed to the designated team inbox with CVSS scoring and policy-weighted priority so engineers can act manually. Note that Altium 365 cloud deployments are not affected by this CVE; the finding applies only to self-hosted Altium Enterprise Server instances packaged in customer images.


Fix available: 8.1.1

Affected packages
  • Altium / Altium Enterprise Server: < 8.1.1 (from 0)

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H