CVE-2026-11420 | Two path traversal vulnerabilities in the Network Installati… | CVSS 10.0 CRITICAL

Description

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session, or credentials are required. Because content-controlled files can be written to web-accessible directories, or used to overwrite application binaries or configuration files, exploitation can be escalated to remote code execution in the context of the service account, and can disclose deployment package contents. Altium 365 cloud deployments are not affected, as the Network Installation Service is not part of the cloud offering.

Metadata

CVE ID: CVE-2026-11420
State: PUBLISHED
Assigner: Altium
Reserved: 2026-06-05 19:57 UTC
Published: 2026-06-05 20:03 UTC
Last updated: 2026-06-05 20:29 UTC
Primary CWE: CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product: Altium / Altium Enterprise Server
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Altium	Altium Enterprise Server	Web	0 < 8.1.1

Weakness (CWE)

CWE	Source	Description
CWE-22	cna	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-306	cna	CWE-306 Missing authentication for critical function

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References (1)

https://www.altium.com/platform/security-compliance/security-advisories