PT-2026-54700 · Altium · Altium Enterprise Server+1
Published: 2026-07-01 · Updated: 2026-07-02
CVE-2026-14439
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Altium Enterprise Server versions prior to 8.1.1
Altium 365 (affected versions not specified)
Description
A path traversal issue exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service processes post-clone file-manipulation operations using user-supplied paths without proper validation. This allows an authenticated user with basic git access to move arbitrary files outside the intended repository area. This capability can be used to place malicious script content into directories where the service later executes it, leading to remote code execution under the Git Service account. In multi-tenant Altium 365 deployments, this could allow unauthorized access to data from other tenants on the same infrastructure node.
Recommendations
Update Altium Enterprise Server to version 8.1.1.
Fix
Path traversal
Code Injection
Related Identifiers
Affected Products
Altium 365
Altium Enterprise Server