External risk intelligence

Altium Enterprise Server Viewer could allow internal attacker to steal secrets and gain access

CVE advisory

Severity: CRITICAL (CVSS 9.4)

CVE-2026-9129

An internal attacker can exploit a flaw in the Altium Enterprise Server Viewer to read unauthorized files on the system. This allows them to steal sensitive configuration data and credentials, creating a risk of full server compromise and data access.

Halo Surface Signal score: 1

Path Traversal

External exposure likelihood

Halo Surface Signal score for CVE-2026-9129

The Altium Enterprise Server is designed for internal organizational use. It is typically deployed within private network perimeters, not as a public-facing service. Access is limited to authenticated network users, making direct reachability from the public internet very unlikely in standard, expected deployments.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability allows an authenticated user to read arbitrary files from the server's local storage by manipulating file path parameters. Because this can expose sensitive server secrets such as database credentials and signing keys, it could lead to a full compromise of the server and its data. Teams should treat it as urgent because a single file read can hand an attacker the secrets that protect the rest of the server.

  • Discloses server secrets.
  • Allows server data compromise.

Attack Path

How an attacker could exploit the issue

An authenticated user could exploit this vulnerability in Altium Enterprise Server's Viewer component to read arbitrary files from the server. By manipulating path parameters in API requests, an attacker can escape the storage root and access sensitive files such as configuration or credentials. This could lead to full server compromise.

  • Requires authenticated access.
  • Targets Viewer API endpoint.
  • Exploits path traversal flaw.
  • Affects on-premise local storage.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows authenticated users to read arbitrary files from the server's filesystem, including critical secrets like database credentials and signing keys. While this offers a clear path to full server compromise, its exploitation is likely limited to insider threats or scenarios where an attacker has already gained a foothold within the network. Cloud deployments are not affected.

  • Path traversal can expose server secrets.
  • Exploitation requires authenticated access.
  • Primarily an insider threat.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching or isolating Altium Enterprise Server instances that use local filesystem storage, as exploitation can lead to full server compromise by revealing sensitive credentials and keys.

  • Identify and inventory affected on-premise deployments.
  • Block access to the Viewer Storage API or isolate the server.
  • Apply vendor patches when available.

Frequently asked questions

What is Altium Enterprise Server?

Altium Enterprise Server is a platform for managing electronic design data and processes within organizations. It provides a centralized environment for collaboration and version control of design assets.

How does CVE-2026-9129 create a path traversal vulnerability?

CVE-2026-9129 is a path traversal vulnerability in Altium Enterprise Server's Viewer StorageController. It arises from improper handling of file path parameters: when a crafted path value is supplied, the controller discards the configured storage root, so an authenticated user can read files outside the intended directory.
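The following is an added illustration, not Altium's code and not a description of how the Viewer StorageController is actually implemented. It shows the generic defect the answer above describes (a join that silently drops the storage root when the supplied value is absolute, and normalization that collapses parent segments) beside a hardened resolver that rejects absolute paths and any ".." segment, then confirms containment after symlink resolution. The storage root and the file names are constructed placeholders.

```python
# Added example (not Altium's code): the path-containment failure described in
# the FAQ, shown beside a hardened resolver. ROOT is a constructed placeholder.
import os
import posixpath
import re

ROOT = "/opt/altium/storage"  # assumed storage root, not a real Altium path

# Matches a Windows drive-letter prefix such as "C:" so it counts as absolute.
DRIVE_RE = re.compile(r"^[A-Za-z]:")


class PathTraversalError(ValueError):
    """Raised when a requested path would leave the storage root."""


def resolve_unsafe(storage_root: str, requested: str) -> str:
    # The defect pattern: os.path.join discards storage_root entirely when
    # `requested` is absolute, and normpath then collapses '..' segments, so
    # the user-controlled value alone decides where the read lands.
    return os.path.normpath(os.path.join(storage_root, requested))


def is_within_root(storage_root: str, requested: str) -> bool:
    """Containment check on the already URL-decoded path parameter."""
    # Treat backslashes as separators so a Windows-style value is judged the
    # same way as a POSIX one, whichever host the server runs on.
    rel = requested.replace("\\", "/")
    # Reject absolute paths and any '..' segment before touching the
    # filesystem (a '..' that would stay inside the root is refused too).
    if posixpath.isabs(rel) or DRIVE_RE.match(rel):
        return False
    if any(seg == ".." for seg in rel.split("/")):
        return False
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, rel))
    # Final check after symlink resolution: the longest common prefix of the
    # two paths must be the root itself.
    return os.path.commonpath([root, candidate]) == root


def resolve_safe(storage_root: str, requested: str) -> str:
    """Return the real path under storage_root, or raise on any escape."""
    if not is_within_root(storage_root, requested):
        raise PathTraversalError(f"refused: {requested!r} escapes the storage root")
    rel = requested.replace("\\", "/")
    return os.path.realpath(os.path.join(os.path.realpath(storage_root), rel))


if __name__ == "__main__":
    # Benign request resolves normally; escaping requests are refused.
    print(resolve_safe(ROOT, "designs/board.PcbDoc"))
    for bad in ("../../config/secrets.ini", "/etc/hosts", "..\\..\\config\\secrets.ini"):
        print(bad, "->", "unsafe join gives", resolve_unsafe(ROOT, bad),
              "| contained:", is_within_root(ROOT, bad))
```

The lexical rejection of ".." and absolute values runs first so that no filesystem call is made on attacker-shaped input; the realpath comparison afterwards is what catches a symlink inside the storage tree that points elsewhere, which a purely lexical check would miss.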

What is the impact of CVE-2026-9129 on Altium Enterprise Server deployments?

Exploiting CVE-2026-9129 can lead to the disclosure of all server secrets, including database credentials and signing keys, potentially resulting in a full compromise of the server and its data. This vulnerability affects on-premise deployments using local filesystem storage.

What is the affected component in Altium Enterprise Server for CVE-2026-9129?

The vulnerability exists in the Viewer StorageController component of Altium Enterprise Server. This component is responsible for handling file path parameters when users access design files through the Viewer.

How can organizations mitigate the risk of CVE-2026-9129?

Organizations should apply vendor patches as soon as they are available. Additionally, restricting network access to the Viewer endpoints, rotating sensitive credentials, and auditing logs for suspicious requests can help mitigate the risk.
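To make the "auditing logs for suspicious requests" step concrete, here is an added example (not Altium's code and not the advisory vendor's) that scans web-server access logs for traversal attempts against a Viewer storage endpoint. The endpoint path (/viewer/api/storage), the `path` query parameter, the usernames, addresses and log lines are all constructed assumptions; substitute the real endpoint and parameter name from your own deployment's logs.

```python
# Added example (not Altium's code): flag access-log requests to an assumed
# Viewer storage endpoint whose path parameter escapes the storage root.
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Common Log Format; users and IPs are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - jdoe [12/Mar/2026:09:14:05 +0000] "GET /viewer/api/storage?path=designs/board.PcbDoc HTTP/1.1" 200 51234
192.0.2.44 - asmith [12/Mar/2026:09:14:09 +0000] "GET /viewer/api/storage?path=..%2F..%2Fconfig%2Fsecrets.ini HTTP/1.1" 200 812
192.0.2.44 - asmith [12/Mar/2026:09:14:11 +0000] "GET /viewer/api/storage?path=%252e%252e%2Fconfig%2Fdb.json HTTP/1.1" 200 410
192.0.2.44 - asmith [12/Mar/2026:09:14:15 +0000] "GET /viewer/api/storage?path=%2Fetc%2Fhosts HTTP/1.1" 200 320
192.0.2.10 - jdoe [12/Mar/2026:09:15:02 +0000] "GET /viewer/api/other?path=../x HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
WATCHED_PREFIX = "/viewer/api/storage"  # assumed endpoint, not from the advisory
PARAM = "path"                          # assumed parameter name
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so the check sees the
    value the server would ultimately act on, not its transport encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def looks_like_traversal(path_param: str) -> Optional[str]:
    """Return a reason string if the parameter would escape a storage root."""
    p = fully_decode(path_param).replace("\\", "/")
    if p.startswith("/") or DRIVE_RE.match(p):
        return "absolute path"
    if any(seg == ".." for seg in p.split("/")):
        return "parent directory segment"
    return None


def audit(log_text: str) -> List[Dict[str, str]]:
    """Parse CLF lines and return one finding per suspicious storage request."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip, don't crash
        url = urlsplit(m["target"])
        if not url.path.startswith(WATCHED_PREFIX):
            continue  # only the storage endpoint is in scope
        # parse_qs already removes one layer of percent-encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reason = looks_like_traversal(raw)
            if reason:
                findings.append({
                    "ip": m["ip"], "user": m["user"], "ts": m["ts"],
                    "status": m["status"], "value": fully_decode(raw),
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']}@{f['ip']} {f['status']} {f['reason']}: {f['value']}")
```

A 200 status on a flagged request is the signal to act on: it means the server served something for a path that should never have resolved, so the credential rotation step in the answer above applies to whatever that file could have contained. Requests to other endpoints (the 404 line) are ignored here; widen WATCHED_PREFIX if your logs show the storage API under a different route.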
