CVE-2026-9102
Description
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory and write arbitrary files to any location on the server filesystem.
Because content-controlled files can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated workspace user can exploit a path traversal in Altium Enterprise Server's Gerber upload API to write arbitrary files, leading to RCE.
Vulnerability
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs [1]. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended temporary upload directory [1]. The vulnerability affects the comparison service's Gerber file upload functionality, though specific version ranges are not disclosed in the available references [1].
Exploitation
To exploit this vulnerability, an attacker needs valid authentication as a regular workspace user [1]. The attack involves sending a specially crafted multipart upload request whose Content-Disposition header carries a filename containing path traversal sequences (e.g., ../) [1]. No special privileges or user interaction beyond the initial authentication are required [1]. Because the service joins that filename to its temporary upload directory without sanitization, the attacker can write files outside the upload directory to any location on the server filesystem that the service account can write to [1].
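The following added example, written for this page and not taken from Altium's code or from any published exploit, reproduces the mechanism in a throwaway sandbox directory: it parses a constructed multipart body, shows how a filename of ../../webroot/shell.aspx taken verbatim from Content-Disposition lands outside the upload directory, and contrasts that with an allowlist-plus-containment check that a hardened handler would apply. The parser, the directory layout, the boundary string and the request body are all constructed for illustration; the hardened handler is a generic mitigation, not the vendor's fix.

```python
"""
Added example (not Altium's code): a traversal filename taken from a multipart
Content-Disposition header escapes the upload directory, and an allowlist plus a
post-resolution containment check stops it. All paths and data are constructed.
"""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# Hypothetical minimal extractor for the filename parameter; a real framework
# does this for you. The point: the value is attacker-controlled text, not a path.
_FILENAME_RE = re.compile(r'filename="((?:[^"\\]|\\.)*)"')
# Allowlist for a bare upload name: no separators, no leading dot, bounded length.
_SAFE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def parse_multipart_filenames(body: bytes, boundary: str) -> list[tuple[str, bytes]]:
    """Return (filename, payload) pairs from a constructed multipart/form-data body."""
    parts = []
    delimiter = b"--" + boundary.encode()
    for chunk in body.split(delimiter)[1:]:
        if chunk.strip() in (b"", b"--"):          # preamble residue or closing delimiter
            continue
        header_blob, _, payload = chunk.partition(b"\r\n\r\n")
        match = _FILENAME_RE.search(header_blob.decode("latin-1"))
        if match:
            if payload.endswith(b"\r\n"):            # CRLF that precedes the next delimiter
                payload = payload[:-2]
            parts.append((match.group(1), payload))
    return parts


def vulnerable_save(upload_dir: Path, filename: str, data: bytes) -> Path:
    """Pattern the CVE describes: the header value is joined to the temp dir as-is."""
    target = Path(os.path.join(upload_dir, filename)).resolve()  # '..' components are kept, so this normalizes to a location outside upload_dir
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def safe_save(upload_dir: Path, filename: str, data: bytes) -> Path:
    """Hardened handler: reject anything but a bare name, then verify containment."""
    if not _SAFE_NAME_RE.fullmatch(filename):          # rejects '/', '\\', '..' and dotfiles outright
        raise ValueError(f"rejected filename: {filename!r}")
    root = upload_dir.resolve()
    target = (root / filename).resolve()
    if target.parent != root:                          # defence in depth after symlink/'..' resolution
        raise ValueError(f"path escapes upload dir: {target}")
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Run both handlers against a constructed traversal request inside a sandbox."""
    boundary = "----AltiumGerberBoundary"  # constructed
    body = (
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="file"; filename="../../webroot/shell.aspx"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
        "<% /* attacker-controlled content */ %>\r\n"
        f"--{boundary}--\r\n"
    ).encode()
    with tempfile.TemporaryDirectory() as sandbox:
        root = Path(sandbox).resolve()
        upload_dir = root / "ComparisonService" / "tmp"   # constructed layout, not the real install path
        upload_dir.mkdir(parents=True)
        filename, payload = parse_multipart_filenames(body, boundary)[0]

        escaped = vulnerable_save(upload_dir, filename, payload)
        try:
            safe_save(upload_dir, filename, payload)
            blocked = False
        except ValueError:
            blocked = True
        benign = safe_save(upload_dir, "board_top.gbr", payload)   # a legitimate Gerber name still works

        return {
            "filename": filename,
            "escaped_to": escaped.relative_to(root).as_posix(),
            "outside_upload_dir": upload_dir not in escaped.parents,
            "hardened_blocked": blocked,
            "benign_saved": benign.name,
        }


if __name__ == "__main__":
    print(demo())
```

The allowlist does the real work: a blocklist of "../" is bypassable by encoding or backslash variants, whereas a bare-name pattern never admits a separator in the first place. The containment check after resolve() is kept anyway so that a symlink planted in the upload directory cannot redirect a later write.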
Impact
Successful exploitation allows arbitrary file write on the server filesystem [1]. Because files with attacker-controlled content can be written to web-accessible directories, this can be escalated to remote code execution in the context of the service account [1]. It can also be used to overwrite application binaries or configuration files, leading to service takeover or denial of service [1].
Mitigation
As of the available references, no patched version or specific mitigation steps have been disclosed [1]. Organizations using Altium Enterprise Server should review the official security advisories page for updates [1]. If a fix becomes available, it should be applied promptly. Until then, administrators should restrict access to the ComparisonService upload endpoints to trusted users and monitor for file writes by the service account outside its temporary upload directory, particularly into web-accessible or application directories [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (No patches discovered yet.)
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions: 0 (No linked articles in our index yet.)