Altium On-prem Enterprise Server — known CVE vulnerabilities
Every CVE whose affected-product data names Altium On-prem Enterprise Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-11414 — CVSS 9.8 (critical): A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is…
CVE-2026-11420 — CVSS 9.8 (critical): Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network…
CVE-2026-11419 — CVSS 8.8 (high): A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a…
CVE-2025-27378 — CVSS 8.6 (high): AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied…
CVE-2026-1010 — CVSS 8.0 (high): A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in…
CVE-2025-27380 — CVSS 7.6 (high): HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute…
CVE-2025-27379 — CVSS 6.8 (medium): A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject…