QSearchQSearch

CVE-2026-11420

9.8 CRITICAL

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network...

Published: 2026-06-05 · Last updated: 2026-06-16

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-22, CWE-306

Affected products

VendorProduct
altiumon-prem_enterprise_server

Description

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session, or credentials are required. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, exploitation can be escalated to remote code execution in the context of the service account, and can disclose deployment package contents. Altium 365 cloud deployments are not affected, as the Network Installation Service is not part of the cloud offering.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-11419 A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user... (8.8 HIGH)
  • CVE-2026-11414 A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service (9.8 CRITICAL)

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-0647 An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
  • CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
  • CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
  • CVE-2026-49061 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)