VYPR
Vendor: Altium
Products: 5
CVEs: 20
Across products: 22
Status: Private

Recent CVEs (20)
  • CVE-2026-11429 (Critical) Jun 5, 2026
    risk 0.65 | cvss n/a | epss 0.01

    Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any…

  • CVE-2026-9152 (Critical) May 21, 2026
    risk 0.65 | cvss n/a | epss 0.00

    A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a…

  • CVE-2026-11420 (Critical) Jun 5, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No…

  • CVE-2026-11414 (Critical) Jun 5, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and…

  • CVE-2026-11423 (Critical) Jun 5, 2026
    risk 0.61 | cvss n/a | epss 0.00

    A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted…

  • CVE-2026-9129 (Critical) May 20, 2026
    risk 0.61 | cvss n/a | epss 0.00

    A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path…

  • CVE-2026-9102 (Critical) May 20, 2026
    risk 0.61 | cvss n/a | epss 0.01

    A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape…

  • CVE-2025-13051 (Critical) Nov 19, 2025
    risk 0.60 | cvss n/a | epss 0.00

    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account,…

  • CVE-2025-8070 (Critical) Jul 23, 2025
    risk 0.60 | cvss n/a | epss 0.00

    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with…

  • CVE-2026-1181 (Critical) Jan 19, 2026
    risk 0.59 | cvss 9.0 | epss 0.00

    Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on…

  • CVE-2026-11419 (High) Jun 5, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage…

  • CVE-2026-11431 (High) Jun 5, 2026
    risk 0.54 | cvss n/a | epss 0.01

    A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned…

  • CVE-2026-11424 (High) Jun 5, 2026
    risk 0.54 | cvss n/a | epss 0.00

    A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request…

  • CVE-2025-27380 (severity not listed) Jan 22, 2026
    risk 0.00 | cvss n/a | epss 0.00

    HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

  • CVE-2025-27379 (severity not listed) Jan 22, 2026
    risk 0.00 | cvss n/a | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.

  • CVE-2025-27378 (severity not listed) Jan 22, 2026
    risk 0.00 | cvss n/a | epss 0.00

    AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL…

  • CVE-2025-27377 (severity not listed) Jan 22, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication…

  • CVE-2026-1010 (severity not listed) Jan 15, 2026
    risk 0.00 | cvss n/a | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views…

  • CVE-2026-1009 (severity not listed) Jan 15, 2026
    risk 0.00 | cvss n/a | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the…

  • CVE-2026-1008 (severity not listed) Jan 15, 2026
    risk 0.00 | cvss n/a | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass…