{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-14439/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-07-02T00:09:34.129Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-14439","@id":"https://www.cve.org/CVERecord?id=CVE-2026-14439","description":"A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.\n\n\n\n\nThis file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service,"},"products":[{"@id":"cpe:2.3:a:altium:altium_enterprise_server:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:altium:altium_enterprise_server:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:altium:altium_365:unspecified:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:altium:altium_365:unspecified:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 8.1.1.","timestamp":"2026-07-02T00:09:34.129Z"}]}