PT-2026-54700 · Altium · Altium Enterprise Server+1

Published 2026-07-01 · Updated 2026-07-02 · CVE-2026-14439

CVSS v4.0: 9.4 Critical

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Altium Enterprise Server versions prior to 8.1.1
Altium 365 (affected versions not specified)

Description

A path traversal issue exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service processes post-clone file-manipulation operations using user-supplied paths without proper validation. This allows an authenticated user with basic git access to move arbitrary files outside the intended repository area. This capability can be used to place malicious script content into directories where the service later executes it, leading to remote code execution under the Git Service account. In multi-tenant Altium 365 deployments, this could allow unauthorized access to data from other tenants on the same infrastructure node.

Recommendations

Update Altium Enterprise Server to version 8.1.1.
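
The advisory does not publish the Git Service code. The following is an added example, not Altium's code, of the kind of containment check the description says was missing from the file-move step: both paths are resolved and must stay under the repository root. The names `resolve_inside`, `safe_move` and `PathEscapeError` and the directory layout are hypothetical and constructed for the demonstration.

```python
import os
import shutil
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """Raised when a user-supplied path resolves outside the repository root."""

def resolve_inside(repo_root: Path, user_path: str) -> Path:
    """Resolve user_path against repo_root and require the result to stay inside it."""
    root = repo_root.resolve(strict=True)
    # Joining with an absolute user_path discards root, and resolve() collapses
    # ".." and follows symlinks, so the comparison runs on the real target.
    candidate = (root / user_path).resolve(strict=False)
    if candidate != root and root not in candidate.parents:
        raise PathEscapeError(f"{user_path!r} resolves outside the repository")
    return candidate

def safe_move(repo_root: Path, src: str, dst: str) -> Path:
    """Move a file only when source and destination both stay inside repo_root."""
    source = resolve_inside(repo_root, src)
    target = resolve_inside(repo_root, dst)
    target.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(source), str(target))
    return target

def demo() -> dict:
    """Run the check over a constructed layout and report each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "repos", "tenant-a")   # constructed repository root
        hooks = Path(tmp, "service", "hooks")   # stands in for a directory the service executes from
        for d in (repo, hooks):
            d.mkdir(parents=True)
        (repo / "board.txt").write_text("design data")
        os.symlink(hooks, repo / "link")        # symlink inside the repo pointing out of it
        results["inside"] = safe_move(repo, "board.txt", "docs/board.txt").name
        cases = [("dotdot", "../../service/hooks/x.sh"),
                 ("absolute", str(hooks / "x.sh")), ("symlink", "link/x.sh")]
        for label, dst in cases:
            try:
                safe_move(repo, "docs/board.txt", dst)
                results[label] = "moved"
            except PathEscapeError:
                results[label] = "rejected"
        results["hooks_empty"] = not any(hooks.iterdir())
    return results

if __name__ == "__main__":
    print(demo())
```

The check and the move are separate steps, so a service that lets repository contents change concurrently still needs to close the window between them, for example by operating on a private working copy.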

Fix

Path traversal

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-14439

Affected Products

Altium 365
Altium Enterprise Server