Altium — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting Altium. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Altium develops electronic design automation software for PCB creation and component management. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation failures and insecure design. The company maintains a moderate CVE count with 9 records, though no major public security incidents have been widely reported. Security researchers have identified issues in web interfaces and file parsing components that could allow unauthorized access or system compromise. While not a high-risk target, the software's complexity and integration with hardware design processes necessitate regular security assessments to mitigate potential exploitation risks in engineering environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-9152 | Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction — Altium 365 | CWE-306 | - | - | 2026-05-21 |
| CVE-2026-9129 | Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read — Altium Enterprise Server | CWE-22 | - | - | 2026-05-20 |
| CVE-2026-9102 | Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write — Altium Enterprise Server | CWE-22 | - | - | 2026-05-20 |
| CVE-2025-27380 | HTML Injection Leading to Script Execution in Altium Enterprise Server — AES | CWE-79 | 7.6 | High | 2026-01-22 |
| CVE-2025-27379 | Stored Cross-Site Scripting in AES BOM Viewer — AES | CWE-79 | 6.8 | Medium | 2026-01-22 |
| CVE-2025-27378 | SQL Injection in AES Due to Inactive SQL Parsing Configuration — AES | CWE-89 | 8.6 | High | 2026-01-22 |
| CVE-2025-27377 | Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks — Altium Designer | CWE-295 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-1181 | Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access — Altium 365 | CWE-942 | 9.0 | Critical | 2026-01-19 |
| CVE-2026-1011 | Stored Cross-Site Scripting in Altium Live Support Center Comment Endpoint — Altium Live | CWE-79 | 6.1 | Medium | 2026-01-15 |
| CVE-2026-1010 | Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation — Altium Enterprise Server | CWE-79 | 8.0 | High | 2026-01-15 |
| CVE-2026-1009 | Stored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data Exposure — Altium Live | CWE-79 | 9.0 | Critical | 2026-01-15 |
| CVE-2026-1008 | Stored Cross-Site Scripting in Altium Live User Profile Fields — Altium Live | CWE-79 | 7.6 | High | 2026-01-15 |

This page lists every published CVE security advisory associated with Altium. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.