Altium
CVE Numbering Authority
Latest CVE published
Overview
Altium is a CVE Numbering Authority that has published 9 CVE records since 2026. It is currently classified as active, with 9 CVEs published in the last two years. Its CVE data quality is graded A (100% overall completeness).
Among the 370 CNAs tracked here, Altium ranks #319 by CVE volume and reports more complete records than 60% of all CNAs.
Data quality report card
How complete and consistent Altium's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often Altium also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
100%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of Altium's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of Altium's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Common weakness types
The CWE weakness categories Altium most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4 CVEs
- CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')3 CVEs
- CWE-200Exposure of Sensitive Information to an Unauthorized Actor3 CVEs
- CWE-306Missing Authentication for Critical Function3 CVEs
- CWE-434Unrestricted Upload of File with Dangerous Type1 CVE
- CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')1 CVE
- CWE-116Improper Encoding or Escaping of Output1 CVE
- CWE-942Permissive Cross-domain Security Policy with Untrusted Domains1 CVE
Top vendors
The vendors Altium publishes the most CVEs for.
- Altium20 CVEs
Top products
The products Altium publishes the most CVEs for.
- Altium Enterprise Server11 CVEs
- on-prem enterprise server7 CVEs
- Altium 3656 CVEs
- Altium Live3 CVEs
- AES3 CVEs
- Altium Support Center1 CVEs
- designer1 CVEs
- Forum module1 CVEs
Latest CVEs
The most recent CVEs assigned by Altium.
- CVE-2026-14439CWE-22
Path Traversal in Altium Git Service Allows Remote Code Execution
Critical · CVSS 9.4EPSS 0.6%2026-07-01 - CVE-2026-11431CWE-200
Path Traversal in Altium Projects Service Allows Arbitrary File Read
High · CVSS 8.3EPSS 0.5%2026-06-05 - CVE-2026-11429CWE-306
Path Traversal in Altium Vault ScriptsController Allows Unauthenticated Remote Code Execution
Critical · CVSS 10.0EPSS 1.1%2026-06-05 - CVE-2026-11424CWE-200
Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure
High · CVSS 8.3EPSS 0.2%2026-06-05 - CVE-2026-11423CWE-269
Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation
Critical · CVSS 9.4EPSS 0.3%2026-06-05 - CVE-2026-11420CWE-306
Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read
Critical · CVSS 10.0EPSS 0.7%2026-06-05 - CVE-2026-11419CWE-22
Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write
Critical · CVSS 9.4EPSS 0.5%2026-06-05 - CVE-2026-11414CWE-22
Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal
Critical · CVSS 10.0EPSS 0.5%2026-06-05 - CVE-2026-9152CWE-306
Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction
Critical · CVSS 10.0EPSS 0.3%2026-05-21 - CVE-2026-9129CWE-200
Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read
Critical · CVSS 9.4EPSS 0.2%2026-05-20 - CVE-2026-9102CWE-434
Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write
Critical · CVSS 9.4EPSS 0.6%2026-05-20 - CVE-2025-27380CWE-79
HTML Injection Leading to Script Execution in Altium Enterprise Server
High · CVSS 7.6EPSS 0.2%2026-01-22
Track new Altium CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor Altium CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the Altium CNA.
- What is the Altium CNA?
- Altium is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 9 CVE records since 2026.
- How many CVEs has Altium published?
- Altium has published 9 CVE records, including 9 in the last two years.
- What is Altium's CVE data quality grade?
- RadicalNotion.AI grades Altium's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
- What products does Altium publish CVEs for?
- Altium most frequently publishes CVEs for Altium Enterprise Server, on-prem enterprise server, Altium 365, Altium Live, AES.
- Which vendors does Altium cover?
- Altium publishes CVEs across 1 distinct vendors, most often Altium.
- Is Altium actively publishing CVEs?
- Altium is currently active, based on 9 CVEs in the last two years.
- What is the average severity of Altium's CVEs?
- The average CVSS base score across Altium's scored CVEs is 7.6.
- How many critical CVEs has Altium published?
- Altium has published 12 critical-severity CVEs and 5 high-severity CVEs.
- Are any of Altium's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of Altium's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in Altium's CVEs?
- Altium's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-306 (Missing Authentication for Critical Function).
- How does Altium rank among CNAs?
- By total CVE volume, Altium ranks #319 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track Altium CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.