CVE-2026-11429 – Path Traversal in Altium Git Service Allows Remote Code Execution

CVE ID :CVE-2026-11429

Published : June 5, 2026, 10:16 p.m. | 16 minutes ago

Description :A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to move arbitrary files outside the intended repository area.

This file-move primitive can be used to place attacker-controlled script content into directories where it is later executed by the service, resulting in remote code execution under the Git Service account. On multi-tenant Altium 365 deployments, this could have allowed access to data belonging to other tenants on the same infrastructure node. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9134 – Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel

CVE-2026-9109 – GPTranslate

CVE-2026-9062 – Agile Store Locator < 1.6.9 – Admin+ Arbitrary File Read via Path Traversal

CVE-2026-9061 – Agile Store Locator < 1.6.9 – Admin+ Stored XSS via logo_name