CVE-2026-11419
Description
Altium Enterprise Server's Vault Service has a path traversal vulnerability allowing arbitrary file writes, potentially leading to RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service's UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path to bypass the configured storage root and write arbitrary files to any location on the server filesystem writable by the service account. Altium 365 cloud deployments are not affected.
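The bug class described above, shown as an added Python example; it is not Altium's code or fix, and the function names and sample paths are assumptions constructed for illustration. It contrasts a join that lets an absolute component discard the storage root with a resolver that rejects absolute input and verifies containment, which goes slightly beyond the text by also covering `../` sequences and symlinks.

```python
import os
import tempfile

def naive_target(storage_root, user_path):
    # Vulnerable pattern: os.path.join() drops storage_root entirely when
    # user_path is absolute, so the request chooses the final location.
    return os.path.join(storage_root, user_path)

def safe_target(storage_root, user_path):
    """Return the resolved path under storage_root, or raise ValueError."""
    # Reject absolute and drive-qualified input before any joining.
    if os.path.isabs(user_path) or os.path.splitdrive(user_path)[0]:
        raise ValueError("absolute path rejected")
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # Containment check on the normalised result also catches ../ and symlinks.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes storage root")
    return candidate

def classify(storage_root, user_path):
    """Report what each approach would do with one upload path."""
    try:
        safe = safe_target(storage_root, user_path)
    except ValueError as exc:
        safe = "REJECTED: %s" % exc
    return naive_target(storage_root, user_path), safe

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample inputs, not taken from any real request.
        outside = os.path.join(os.sep, "outside", "logo.png")
        for sample in ("images/logo.png", outside, "../outside/logo.png"):
            naive, safe = classify(root, sample)
            print("%-24r naive=%s safe=%s" % (sample, naive, safe))
```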
Exploitation
To exploit the flaw, an authenticated user sends a crafted image upload request containing an absolute path, which causes the configured storage root to be discarded. The attacker can then write arbitrary files to any location on the server filesystem for which the service account has write permission.
Impact
By writing files to web-accessible directories, overwriting application binaries, or modifying configuration files, an attacker can escalate this vulnerability to achieve remote code execution, service takeover, or denial of service. The scope of the compromise is limited by the privileges of the service account running the Altium Enterprise Server Vault Service.
Mitigation
Not yet disclosed in the available references.
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 0
No linked articles in our index yet.