HarborGuard Database
CVE-2026-11431 (HIGH), CNA: Altium

CVE-2026-11431: Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem. Because the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.
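The record says a crafted path parameter bypassed the download endpoint's validation. As an added illustration (not Altium's code, which the record does not show), the weak substring check below stands in for that class of validation, beside a canonicalising check that resolves the requested path against the served directory before anything is read; the directory layout and file contents are constructed for the demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

def naive_is_safe(requested: str) -> bool:
    """Weak check: only a literal '../' substring is rejected (constructed to
    show the class of validation that encoded or backslash payloads slip past)."""
    return "../" not in requested

def resolve_in_base(base_dir: Path, requested: str) -> Path:
    """Resolve `requested` under `base_dir`; reject anything that escapes it.
    Decodes percent-escapes, normalises backslashes to '/', refuses absolute
    paths, then resolves '..' and symlinks so the check is on the real path."""
    normalised = unquote(requested).replace("\\", "/")
    if normalised.startswith("/"):
        raise PermissionError("absolute paths are not allowed")
    base = base_dir.resolve()
    candidate = (base / normalised).resolve()
    # Strict containment: candidate must be the base itself or a descendant.
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate

def download_contents(base_dir: Path, requested: str) -> bytes:
    """Serve only regular files inside base_dir; directories are never archived."""
    target = resolve_in_base(base_dir, requested)
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()

def escapes_base(base_dir: Path, requested: str) -> bool:
    """True when the canonicalising check rejects the request."""
    try:
        resolve_in_base(base_dir, requested)
    except PermissionError:
        return True
    return False

def make_sample_tree() -> Path:
    """Constructed layout: <tmp>/projects/boardA/README.txt is servable and
    <tmp>/secrets.cfg sits outside the served directory; returns the base."""
    root = Path(tempfile.mkdtemp(prefix="projects-demo-"))
    served = root / "projects" / "boardA"
    served.mkdir(parents=True)
    (served / "README.txt").write_bytes(b"board A project files\n")
    (root / "secrets.cfg").write_bytes(b"db_password=CONSTRUCTED\n")
    return root / "projects"
```

The containment decision is made on the resolved filesystem path, not on the raw parameter, so encoding or separator tricks that defeat the substring check still end up outside the served directory and are refused.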

Metrics

CVSS v4.0: 8.3
Severity: HIGH
Fixed in: 8.1.1
Affected Products: 2


HarborGuard Analysis

Synopsis

A path traversal vulnerability exists in the Projects Service download endpoint of Altium Enterprise Server and Altium 365. An authenticated attacker reachable over the network can supply a crafted path parameter to bypass input validation and read arbitrary files from the server filesystem, including configuration files and credential material. Successful exploitation exposes sensitive data that can enable further compromise of connected services. A patched-image rebuild at version 8.1.1 is available on HarborGuard for environments running an affected version of Altium Enterprise Server.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-11431 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against images in customer registries, CI/CD pipelines, and custom-built images. Any image containing an affected version of the Altium Enterprise Server Projects Service is flagged immediately on ingestion.

Triage (Available)

HarborGuard scores this CVE at 8.3 HIGH using the CVSS v4.0 vector and weighs the finding against each environment's configured compliance policy to determine urgency and routing. Findings are dispatched to the appropriate team inbox within each customer organization based on those policy rules.

Patch (Available)

A patched-image rebuild at Altium Enterprise Server 8.1.1 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the Altium Projects Service over TCP from a remote host.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient to reach the download endpoint and supply a crafted path parameter.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker makes direct requests to the endpoint without requiring any other user to take action.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race conditions, or timing constraints.

Blast Radius

  • Reads arbitrary files from the server filesystem, including service configuration files and stored credential material.
  • Exposes credentials that may be shared across multiple connected services, enabling lateral movement or privilege escalation beyond the initial host.
  • On multi-tenant Altium 365 deployments, readable configuration could expose credentials shared across tenant boundaries.
  • Credential material obtained through this vulnerability can be combined with CVE-2026-11424 to reach cloud-side endpoints and extend the attack surface further.

How HarborGuard Handles This

Available on HarborGuard: images running Altium Enterprise Server below 8.1.1 are flagged automatically on ingestion of this CVE. A rebuild against the 8.1.1 fix version is available for any affected image. For customers who opt into auto-remediation, HarborGuard triggers the rebuild, executes a regression-test run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. For Altium 365 deployments, the issue has been remediated at the service level by Altium, but where compliance policy requires, HarborGuard can flag any image-side component that remains unverified. Where auto-remediation is not enabled, customers are advised to restrict network access to the Projects Service download endpoint via network policy, apply egress filtering to limit what credential material can reach external hosts, and prioritize manual rebuild to 8.1.1.


Fix available: 8.1.1

Affected packages
  • Altium / Altium Enterprise Server: < 8.1.1 (from 0)
  • Altium / Altium 365: unspecified

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N