CVE-2026-11414
Description
Altium Enterprise Server uses a hard-coded key for signing download URLs, allowing unauthenticated attackers to forge signatures and access files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Altium Enterprise Server's Vault service uses a hard-coded cryptographic key to sign file download URLs. This key is identical across all installations. A separate path traversal vulnerability exists in the same download endpoint, allowing attackers to escape the configured storage root and read arbitrary files from the server's filesystem. Altium 365 cloud deployments are not affected as they use object storage instead of the local filesystem.
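As an added illustration (not Altium's code; the environment variable, URL fields and storage root are assumptions), this Python snippet shows the two controls whose absence the section above describes: a per-deployment signing key rather than a constant shared by every installation, and a check that the requested path canonicalises to a location inside the storage root.

```python
import hmac
import hashlib
import os
import secrets
import time
from pathlib import Path
from typing import Optional


def load_signing_key(env_var: str = "VAULT_URL_SIGNING_KEY") -> bytes:
    """Per-deployment secret, generated at install time and kept outside the
    codebase (the env var name is an assumption). A constant baked into the
    binary is identical on every server, which is the flaw described above."""
    key_hex = os.environ.get(env_var)
    if key_hex:
        return bytes.fromhex(key_hex)
    return secrets.token_bytes(32)  # fresh random key if none is configured


def sign_download(key: bytes, rel_path: str, expires: int) -> str:
    # HMAC over the path and expiry so neither can be altered without the key.
    msg = f"{rel_path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def resolve_within_root(storage_root: str, rel_path: str) -> Optional[Path]:
    # Canonicalise ("..", absolute paths, symlinks) and refuse anything that
    # lands outside the storage root, independently of the signature check.
    root = Path(storage_root).resolve()
    candidate = (root / rel_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def verify_download(key: bytes, storage_root: str, rel_path: str,
                    expires: int, sig: str,
                    now: Optional[float] = None) -> Optional[Path]:
    """Return the file to serve, or None if the URL is expired, has a bad
    signature, or points outside the storage root."""
    now = time.time() if now is None else now
    if now > expires:
        return None
    expected = sign_download(key, rel_path, expires)
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return resolve_within_root(storage_root, rel_path)
```

A URL that is correctly signed but names a path such as `../../etc/passwd` is still refused, so the traversal is closed even if the key were ever exposed.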
Exploitation
An unauthenticated network attacker who can reach the server can forge valid download signatures using the hard-coded key. This allows them to retrieve files from the Vault storage area without authentication. The path traversal vulnerability can be chained to read arbitrary files on the server filesystem. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content [1].
Impact
Successful exploitation allows an unauthenticated attacker to read sensitive server configuration and key material by forging download signatures and escaping the storage root. This can lead to full server compromise. The chaining with CVE-2026-9152 allows for enumeration and bulk downloading of stored content [1].
Mitigation
Fixed version and release date are not yet disclosed in the available references. Altium 365 cloud deployments are not impacted in practice. On-premise Altium Enterprise Server is affected. No workarounds or specific mitigation steps are provided in the available references [1].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE; the mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.