Altium
Products
5- 9 CVEs
- 6 CVEs
- 5 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
20| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11429 | Cri | 0.65 | — | 0.01 | Jun 5, 2026 | Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any… | ||
| CVE-2026-9152 | Cri | 0.65 | — | 0.00 | May 21, 2026 | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a… | ||
| CVE-2026-11420 | Cri | 0.64 | 9.8 | 0.01 | Jun 5, 2026 | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No… | ||
| CVE-2026-11414 | Cri | 0.64 | 9.8 | 0.00 | Jun 5, 2026 | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and… | ||
| CVE-2026-11423 | Cri | 0.61 | — | 0.00 | Jun 5, 2026 | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted… | ||
| CVE-2026-9129 | Cri | 0.61 | — | 0.00 | May 20, 2026 | A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path… | ||
| CVE-2026-9102 | Cri | 0.61 | — | 0.01 | May 20, 2026 | A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape… | ||
| CVE-2025-13051 | Cri | 0.60 | — | 0.00 | Nov 19, 2025 | When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account,… | ||
| CVE-2025-8070 | Cri | 0.60 | — | 0.00 | Jul 23, 2025 | The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with… | ||
| CVE-2026-1181 | Cri | 0.59 | 9.0 | 0.00 | Jan 19, 2026 | Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on… | ||
| CVE-2026-11419 | Hig | 0.57 | 8.8 | 0.01 | Jun 5, 2026 | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage… | ||
| CVE-2026-11431 | Hig | 0.54 | — | 0.01 | Jun 5, 2026 | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned… | ||
| CVE-2026-11424 | Hig | 0.54 | — | 0.00 | Jun 5, 2026 | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request… | ||
| CVE-2025-27380 | 0.00 | — | 0.00 | Jan 22, 2026 | HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. | |||
| CVE-2025-27379 | 0.00 | — | 0.00 | Jan 22, 2026 | A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. | |||
| CVE-2025-27378 | 0.00 | — | 0.00 | Jan 22, 2026 | AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL… | |||
| CVE-2025-27377 | 0.00 | — | 0.00 | Jan 22, 2026 | Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication… | |||
| CVE-2026-1010 | 0.00 | — | 0.00 | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views… | |||
| CVE-2026-1009 | 0.00 | — | 0.00 | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the… | |||
| CVE-2026-1008 | 0.00 | — | 0.00 | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass… |
- risk 0.65cvss —epss 0.01
Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any…
- risk 0.65cvss —epss 0.00
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a…
- risk 0.64cvss 9.8epss 0.01
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No…
- risk 0.64cvss 9.8epss 0.00
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and…
- risk 0.61cvss —epss 0.00
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted…
- risk 0.61cvss —epss 0.00
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path…
- risk 0.61cvss —epss 0.01
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape…
- risk 0.60cvss —epss 0.00
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account,…
- risk 0.60cvss —epss 0.00
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with…
- risk 0.59cvss 9.0epss 0.00
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on…
- risk 0.57cvss 8.8epss 0.01
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage…
- risk 0.54cvss —epss 0.01
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned…
- risk 0.54cvss —epss 0.00
A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request…
- CVE-2025-27380Jan 22, 2026risk 0.00cvss —epss 0.00
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
- CVE-2025-27379Jan 22, 2026risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.
- CVE-2025-27378Jan 22, 2026risk 0.00cvss —epss 0.00
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL…
- CVE-2025-27377Jan 22, 2026risk 0.00cvss —epss 0.00
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication…
- CVE-2026-1010Jan 15, 2026risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views…
- CVE-2026-1009Jan 15, 2026risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the…
- CVE-2026-1008Jan 15, 2026risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass…