Path Traversal Vulnerability in Altium Enterprise Server
CVE-2026-9102

9.4 CRITICAL

Key Information:

Vendor: Altium

CVE Published: 20 May 2026

What is CVE-2026-9102?

A path traversal vulnerability exists in Altium Enterprise Server's ComparisonService because its Gerber file upload APIs do not adequately sanitize filenames. An authenticated user can manipulate the filename in the multipart Content-Disposition header to escape the designated temporary upload directory, allowing unauthorized file writes to any location on the server's filesystem. This can potentially enable remote code execution in the context of the service account, with risks such as overwriting application binaries or configuration files, which could facilitate service takeover or denial of service.
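
The class of check this description calls for, as an added Python illustration (not Altium's code and not taken from the advisory): an unchecked join of the client-supplied filename beside an allowlist plus containment check. `UPLOAD_DIR`, the function names and the sample header are constructed assumptions.

```python
import os
import re
from email.message import Message
from pathlib import Path

UPLOAD_DIR = Path("/srv/app/tmp/uploads")  # assumed temp upload directory
# Allowlist: no separators, no drive colon, no leading dot (blocks "." and "..").
SAFE_NAME = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}")
# Constructed multipart part header carrying a traversal sequence.
SAMPLE_HEADER = 'form-data; name="file"; filename="../../conf/app.config"'


def filename_from_disposition(value: str) -> str:
    """Return the client-supplied filename parameter, or '' if absent."""
    msg = Message()
    msg["Content-Disposition"] = value
    return msg.get_filename() or ""


def naive_target(upload_dir: Path, client_name: str) -> Path:
    """Weak pattern: join the client's name to the directory unchecked."""
    return Path(os.path.normpath(upload_dir / client_name))


def safe_target(upload_dir: Path, client_name: str) -> Path:
    """Hardened pattern: allowlist the name, then verify containment."""
    if not SAFE_NAME.fullmatch(client_name):
        # Reject instead of trimming, so the attempt shows up in logs.
        raise ValueError(f"rejected upload filename: {client_name!r}")
    base = upload_dir.resolve()
    target = (base / client_name).resolve()
    # Defence in depth: resolve() follows symlinks, so a link planted
    # inside the directory cannot redirect the write elsewhere.
    if not target.is_relative_to(base):
        raise ValueError("resolved path escapes the upload directory")
    return target


if __name__ == "__main__":
    name = filename_from_disposition(SAMPLE_HEADER)
    print("naive:", naive_target(UPLOAD_DIR, name))
    for candidate in (name, "..\\..\\conf\\app.config", "board_top.gbr"):
        try:
            print("safe: ", safe_target(UPLOAD_DIR, candidate))
        except ValueError as exc:
            print("safe: ", exc)
```

Generating the stored name on the server and keeping the client's filename only as metadata removes the dependency on filename validation altogether.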

Affected Version(s)

Altium Enterprise Server Web 0 < 8.0.4

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joris Aerts, Tesla Inc.