[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-11420":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":66,"aliases":67,"duplicate_of":9,"upstream":68,"downstream":69,"duplicates":70,"related":71,"reserved_at":9,"published_at":72,"modified_at":73,"state":74,"summary":75,"references_raw":84,"kevs":90,"epss":91,"epss_history":94,"metrics":96,"affected":103},"CVE-2026-11420","Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session, or credentials are required.\n\nBecause files with attacker-controlled content can be written to web-accessible directories, or used to overwrite application binaries or configuration files, exploitation can be escalated to remote code execution in the context of the service account, and can disclose deployment package contents. Altium 365 cloud deployments are not affected, as the Network Installation Service is not part of the cloud offering.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":17,"likelihood_of_exploit":18,"capec":45},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","Draft",[46,50,54,58,62],{"id":47,"name":48,"techniques":49},"CAPEC-12","Choosing Message Identifier",[],{"id":51,"name":52,"techniques":53},"CAPEC-166","Force the System to Reset Values",[],{"id":55,"name":56,"techniques":57},"CAPEC-216","Communication Channel Manipulation",[],{"id":59,"name":60,"techniques":61},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":63,"name":64,"techniques":65},"CAPEC-62","Cross Site Request Forgery",[],[],[],[],[],[],[],"2026-06-05T20:03:12.726Z","2026-06-05T20:29:45.593Z","Awaiting Analysis",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":77,"epss_score":78,"severity":79,"severity_score":80,"severity_version":81,"severity_source":82,"severity_vector":83,"severity_status":74},false,"low",0.00676,"critical",10,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[85],{"url":86,"sources":87,"tags":89},"https://www.altium.com/platform/security-compliance/security-advisories",[82,88],"nvd",[],[],{"date":92,"score":78,"percentile":93},"2026-06-06",0.71925,[95],{"date":92,"score":78,"percentile":93},[97,100],{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":98},{"baseScore":80,"baseSeverity":99,"vectorString":83,"impactScore":9,"exploitabilityScore":9},"CRITICAL",{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":101},{"baseScore":80,"baseSeverity":99,"vectorString":102,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[104],{"ecosystem":9,"name":105,"vendor":106,"product":107,"cpe_part":108,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":109},"Altium Enterprise Server","altium","altium enterprise server","a",[110],{"version":111,"is_range":112,"range_type":82,"version_start":9,"version_start_type":9,"version_end":113,"version_end_type":114,"fixed_in":9},"\u003C 8.1.1",true,"8.1.1","excluding"]