Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9129
PUBLISHED
More InfoOfficial Page
Assigner-Altium
Assigner Org ID-4760f414-e1ae-4ff1-bdad-c7a9c3538b79
View Known Exploited Vulnerability (KEV) details
Published At-20 May, 2026 | 18:05
Updated At-20 May, 2026 | 19:28
Rejected At-
▼CVE Numbering Authority (CNA)
Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path (such as an encoded drive letter) in a Viewer storage API request, causing the configured storage root to be discarded and allowing arbitrary files to be read from the server filesystem. Because the readable files include the server's master configuration, which stores database credentials, signing key locations, certificate passwords, and OAuth secrets, exploitation can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected, as they use object storage and do not enable this component.

Affected Products
Vendor
Altium
Product
Altium Enterprise Server
Modules
  • Viewer StorageController (localStorage API)
Platforms
  • Web
Default Status
unaffected
Versions
Affected
  • From 0 before 8.0.4 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
4.09.4CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-126CAPEC-126 Path Traversal
CAPEC-639CAPEC-639 Probe System Files
CAPEC ID: CAPEC-126
Description: CAPEC-126 Path Traversal
CAPEC ID: CAPEC-639
Description: CAPEC-639 Probe System Files
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Joris Aerts, Tesla Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.altium.com/platform/security-compliance/security-advisories
N/A
Hyperlink: https://www.altium.com/platform/security-compliance/security-advisories
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found