[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-9129":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-20T17:11:50.996Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":1099,"aliases":1100,"duplicate_of":9,"upstream":1101,"downstream":1102,"duplicates":1103,"related":1104,"reserved_at":9,"published_at":1105,"modified_at":1105,"state":1106,"summary":1107,"references_raw":1114,"kevs":1119,"epss":9,"epss_history":1120,"metrics":1121,"affected":1125},"CVE-2026-9129","A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path (such as an encoded drive letter) in a Viewer storage API request, causing the configured storage root to be discarded and allowing arbitrary files to be read from the server filesystem.\n\n\n\n\n\n\n\n\nBecause the readable files include the server's master configuration, which stores database credentials, signing key locations, certificate passwords, and OAuth secrets, exploitation can lead to disclosure of all server secrets and full compromise of the server and its data. Cloud deployments are not affected, as they use object storage and do not enable this component.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":45,"likelihood_of_exploit":18,"capec":46},"CWE-200","Exposure of Sensitive Information to an Unauthorized Actor","The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Draft","Class",[47,51,235,261,265,269,273,277,281,285,375,379,383,405,409,413,417,421,431,435,439,443,447,451,455,459,463,527,531,557,579,583,587,591,595,599,603,607,611,615,619,623,627,631,635,639,671,675,697,719,765,791,891,895,1020,1057,1067,1077,1097],{"id":48,"name":49,"techniques":50},"CAPEC-116","Excavation",[],{"id":52,"name":53,"techniques":54},"CAPEC-13","Subverting Environment Variable Values",[55,153,195],{"id":56,"name":57,"tactics":58,"countermeasures":65},"T1562.003","Impair Command History Logging",[59,62],{"id":60,"name":61},"TA0030","Defense Evasion",{"id":63,"name":64},"TA0005","Stealth",[66,71,76,80,84,88,93,97,102,107,111,115,120,124,129,133,137,141,145,149],{"id":67,"name":68,"tactic":69},"D3-CI","Configuration Inventory",{"name":70},"Model",{"id":72,"name":73,"tactic":74},"D3-FA","File Analysis",{"name":75},"Detect",{"id":77,"name":78,"tactic":79},"D3-FIM","File Integrity Monitoring",{"name":75},{"id":81,"name":82,"tactic":83},"D3-DA","Dynamic Analysis",{"name":75},{"id":85,"name":86,"tactic":87},"D3-EFA","Emulated File Analysis",{"name":75},{"id":89,"name":90,"tactic":91},"D3-FEV","File Eviction",{"name":92},"Evict",{"id":94,"name":95,"tactic":96},"D3-RKD","Registry Key Deletion",{"name":92},{"id":98,"name":99,"tactic":100},"D3-DF","Decoy File",{"name":101},"Deceive",{"id":103,"name":104,"tactic":105},"D3-DRA","Disable Remote Access",{"name":106},"Harden",{"id":108,"name":109,"tactic":110},"D3-ACH","Application Configuration Hardening",{"name":106},{"id":112,"name":113,"tactic":114},"D3-FE","File Encryption",{"name":106},{"id":116,"name":117,"tactic":118},"D3-RC","Restore Configuration",{"name":119},"Restore",{"id":121,"name":122,"tactic":123},"D3-RF","Restore File",{"name":119},{"id":125,"name":126,"tactic":127},"D3-CQ","Content Quarantine",{"name":128},"Isolate",{"id":130,"name":131,"tactic":132},"D3-CF","Content Filtering",{"name":128},{"id":134,"name":135,"tactic":136},"D3-LFP","Local File Permissions",{"name":128},{"id":138,"name":139,"tactic":140},"D3-RFAM","Remote File Access Mediation",{"name":128},{"id":142,"name":143,"tactic":144},"D3-CM","Content Modification",{"name":128},{"id":146,"name":147,"tactic":148},"D3-EAL","Executable Allowlisting",{"name":128},{"id":150,"name":151,"tactic":152},"D3-EDL","Executable Denylisting",{"name":128},{"id":154,"name":155,"tactics":156,"countermeasures":168},"T1574.006","Dynamic Linker Hijacking",[157,160,163,164,165],{"id":158,"name":159},"TA0110","Persistence",{"id":161,"name":162},"TA0111","Privilege Escalation",{"id":60,"name":61},{"id":63,"name":64},{"id":166,"name":167},"TA0104","Execution",[169,173,175,177,179,181,183,185,187,189,191,193],{"id":170,"name":171,"tactic":172},"D3-SFA","System File Analysis",{"name":75},{"id":72,"name":73,"tactic":174},{"name":75},{"id":77,"name":78,"tactic":176},{"name":75},{"id":89,"name":90,"tactic":178},{"name":92},{"id":98,"name":99,"tactic":180},{"name":101},{"id":112,"name":113,"tactic":182},{"name":106},{"id":121,"name":122,"tactic":184},{"name":119},{"id":130,"name":131,"tactic":186},{"name":128},{"id":134,"name":135,"tactic":188},{"name":128},{"id":138,"name":139,"tactic":190},{"name":128},{"id":125,"name":126,"tactic":192},{"name":128},{"id":142,"name":143,"tactic":194},{"name":128},{"id":196,"name":197,"tactics":198,"countermeasures":204},"T1574.007","Path Interception by PATH Environment Variable",[199,200,201,202,203],{"id":158,"name":159},{"id":161,"name":162},{"id":60,"name":61},{"id":63,"name":64},{"id":166,"name":167},[205,207,209,211,213,215,217,219,221,223,225,227,229,231,233],{"id":72,"name":73,"tactic":206},{"name":75},{"id":77,"name":78,"tactic":208},{"name":75},{"id":81,"name":82,"tactic":210},{"name":75},{"id":85,"name":86,"tactic":212},{"name":75},{"id":89,"name":90,"tactic":214},{"name":92},{"id":98,"name":99,"tactic":216},{"name":101},{"id":112,"name":113,"tactic":218},{"name":106},{"id":121,"name":122,"tactic":220},{"name":119},{"id":130,"name":131,"tactic":222},{"name":128},{"id":134,"name":135,"tactic":224},{"name":128},{"id":138,"name":139,"tactic":226},{"name":128},{"id":125,"name":126,"tactic":228},{"name":128},{"id":142,"name":143,"tactic":230},{"name":128},{"id":146,"name":147,"tactic":232},{"name":128},{"id":150,"name":151,"tactic":234},{"name":128},{"id":236,"name":237,"techniques":238},"CAPEC-169","Footprinting",[239,247,255],{"id":240,"name":241,"tactics":242,"countermeasures":246},"T1217","Browser Information Discovery",[243],{"id":244,"name":245},"TA0102","Discovery",[],{"id":248,"name":249,"tactics":250,"countermeasures":254},"T1592","Gather Victim Host Information",[251],{"id":252,"name":253},"TA0043","Reconnaissance",[],{"id":256,"name":257,"tactics":258,"countermeasures":260},"T1595","Active Scanning",[259],{"id":252,"name":253},[],{"id":262,"name":263,"techniques":264},"CAPEC-22","Exploiting Trust in Client",[],{"id":266,"name":267,"techniques":268},"CAPEC-224","Fingerprinting",[],{"id":270,"name":271,"techniques":272},"CAPEC-285","ICMP Echo Request Ping",[],{"id":274,"name":275,"techniques":276},"CAPEC-287","TCP SYN Scan",[],{"id":278,"name":279,"techniques":280},"CAPEC-290","Enumerate Mail Exchange (MX) Records",[],{"id":282,"name":283,"techniques":284},"CAPEC-291","DNS Zone Transfers",[],{"id":286,"name":287,"techniques":288},"CAPEC-292","Host Discovery",[289],{"id":290,"name":291,"tactics":292,"countermeasures":294},"T1018","Remote System Discovery",[293],{"id":244,"name":245},[295,299,301,303,305,309,313,317,321,325,329,333,337,341,343,345,347,349,353,355,357,359,361,363,367,369,371],{"id":296,"name":297,"tactic":298},"D3-SCA","System Call Analysis",{"name":75},{"id":170,"name":171,"tactic":300},{"name":75},{"id":72,"name":73,"tactic":302},{"name":75},{"id":77,"name":78,"tactic":304},{"name":75},{"id":306,"name":307,"tactic":308},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":75},{"id":310,"name":311,"tactic":312},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CSPP","Client-server Payload Profiling",{"name":75},{"id":318,"name":319,"tactic":320},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":75},{"id":322,"name":323,"tactic":324},"D3-NTSA","Network Traffic Signature Analysis",{"name":75},{"id":326,"name":327,"tactic":328},"D3-APCA","Application Protocol Command Analysis",{"name":75},{"id":330,"name":331,"tactic":332},"D3-NTCD","Network Traffic Community Deviation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-RTSD","Remote Terminal Session Detection",{"name":75},{"id":338,"name":339,"tactic":340},"D3-PSA","Process Spawn Analysis",{"name":75},{"id":89,"name":90,"tactic":342},{"name":92},{"id":98,"name":99,"tactic":344},{"name":101},{"id":112,"name":113,"tactic":346},{"name":106},{"id":121,"name":122,"tactic":348},{"name":119},{"id":350,"name":351,"tactic":352},"D3-SCF","System Call Filtering",{"name":128},{"id":130,"name":131,"tactic":354},{"name":128},{"id":134,"name":135,"tactic":356},{"name":128},{"id":138,"name":139,"tactic":358},{"name":128},{"id":125,"name":126,"tactic":360},{"name":128},{"id":142,"name":143,"tactic":362},{"name":128},{"id":364,"name":365,"tactic":366},"D3-NTF","Network Traffic Filtering",{"name":128},{"id":146,"name":147,"tactic":368},{"name":128},{"id":150,"name":151,"tactic":370},{"name":128},{"id":372,"name":373,"tactic":374},"D3-HBPI","Hardware-based Process Isolation",{"name":128},{"id":376,"name":377,"techniques":378},"CAPEC-293","Traceroute Route Enumeration",[],{"id":380,"name":381,"techniques":382},"CAPEC-294","ICMP Address Mask Request",[],{"id":384,"name":385,"techniques":386},"CAPEC-295","Timestamp Request",[387],{"id":388,"name":389,"tactics":390,"countermeasures":392},"T1124","System Time Discovery",[391],{"id":244,"name":245},[393,395,397,399,401,403],{"id":296,"name":297,"tactic":394},{"name":75},{"id":338,"name":339,"tactic":396},{"name":75},{"id":350,"name":351,"tactic":398},{"name":128},{"id":146,"name":147,"tactic":400},{"name":128},{"id":150,"name":151,"tactic":402},{"name":128},{"id":372,"name":373,"tactic":404},{"name":128},{"id":406,"name":407,"techniques":408},"CAPEC-296","ICMP Information Request",[],{"id":410,"name":411,"techniques":412},"CAPEC-297","TCP ACK Ping",[],{"id":414,"name":415,"techniques":416},"CAPEC-298","UDP Ping",[],{"id":418,"name":419,"techniques":420},"CAPEC-299","TCP SYN Ping",[],{"id":422,"name":423,"techniques":424},"CAPEC-300","Port Scanning",[425],{"id":426,"name":427,"tactics":428,"countermeasures":430},"T1046","Network Service Discovery",[429],{"id":244,"name":245},[],{"id":432,"name":433,"techniques":434},"CAPEC-301","TCP Connect Scan",[],{"id":436,"name":437,"techniques":438},"CAPEC-302","TCP FIN Scan",[],{"id":440,"name":441,"techniques":442},"CAPEC-303","TCP Xmas Scan",[],{"id":444,"name":445,"techniques":446},"CAPEC-304","TCP Null Scan",[],{"id":448,"name":449,"techniques":450},"CAPEC-305","TCP ACK Scan",[],{"id":452,"name":453,"techniques":454},"CAPEC-306","TCP Window Scan",[],{"id":456,"name":457,"techniques":458},"CAPEC-307","TCP RPC Scan",[],{"id":460,"name":461,"techniques":462},"CAPEC-308","UDP Scan",[],{"id":464,"name":465,"techniques":466},"CAPEC-309","Network Topology Mapping",[467,511,521],{"id":468,"name":469,"tactics":470,"countermeasures":472},"T1016","System Network Configuration Discovery",[471],{"id":244,"name":245},[473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509],{"id":72,"name":73,"tactic":474},{"name":75},{"id":77,"name":78,"tactic":476},{"name":75},{"id":81,"name":82,"tactic":478},{"name":75},{"id":85,"name":86,"tactic":480},{"name":75},{"id":296,"name":297,"tactic":482},{"name":75},{"id":338,"name":339,"tactic":484},{"name":75},{"id":89,"name":90,"tactic":486},{"name":92},{"id":98,"name":99,"tactic":488},{"name":101},{"id":112,"name":113,"tactic":490},{"name":106},{"id":121,"name":122,"tactic":492},{"name":119},{"id":130,"name":131,"tactic":494},{"name":128},{"id":134,"name":135,"tactic":496},{"name":128},{"id":138,"name":139,"tactic":498},{"name":128},{"id":125,"name":126,"tactic":500},{"name":128},{"id":142,"name":143,"tactic":502},{"name":128},{"id":146,"name":147,"tactic":504},{"name":128},{"id":150,"name":151,"tactic":506},{"name":128},{"id":350,"name":351,"tactic":508},{"name":128},{"id":372,"name":373,"tactic":510},{"name":128},{"id":512,"name":513,"tactics":514,"countermeasures":516},"T1049","System Network Connections Discovery",[515],{"id":244,"name":245},[517,519],{"id":296,"name":297,"tactic":518},{"name":75},{"id":350,"name":351,"tactic":520},{"name":128},{"id":522,"name":523,"tactics":524,"countermeasures":526},"T1590","Gather Victim Network Information",[525],{"id":252,"name":253},[],{"id":528,"name":529,"techniques":530},"CAPEC-310","Scanning for Vulnerable Software",[],{"id":532,"name":533,"techniques":534},"CAPEC-312","Active OS Fingerprinting",[535],{"id":536,"name":537,"tactics":538,"countermeasures":540},"T1082","System Information Discovery",[539],{"id":244,"name":245},[541,543,545,549,551,553,555],{"id":296,"name":297,"tactic":542},{"name":75},{"id":338,"name":339,"tactic":544},{"name":75},{"id":546,"name":547,"tactic":548},"D3-DE","Decoy Environment",{"name":101},{"id":350,"name":351,"tactic":550},{"name":128},{"id":146,"name":147,"tactic":552},{"name":128},{"id":150,"name":151,"tactic":554},{"name":128},{"id":372,"name":373,"tactic":556},{"name":128},{"id":558,"name":559,"techniques":560},"CAPEC-313","Passive OS Fingerprinting",[561],{"id":536,"name":537,"tactics":562,"countermeasures":564},[563],{"id":244,"name":245},[565,567,569,571,573,575,577],{"id":296,"name":297,"tactic":566},{"name":75},{"id":338,"name":339,"tactic":568},{"name":75},{"id":546,"name":547,"tactic":570},{"name":101},{"id":350,"name":351,"tactic":572},{"name":128},{"id":146,"name":147,"tactic":574},{"name":128},{"id":150,"name":151,"tactic":576},{"name":128},{"id":372,"name":373,"tactic":578},{"name":128},{"id":580,"name":581,"techniques":582},"CAPEC-317","IP ID Sequencing Probe",[],{"id":584,"name":585,"techniques":586},"CAPEC-318","IP 'ID' Echoed Byte-Order Probe",[],{"id":588,"name":589,"techniques":590},"CAPEC-319","IP (DF) 'Don't Fragment Bit' Echoing Probe",[],{"id":592,"name":593,"techniques":594},"CAPEC-320","TCP Timestamp Probe",[],{"id":596,"name":597,"techniques":598},"CAPEC-321","TCP Sequence Number Probe",[],{"id":600,"name":601,"techniques":602},"CAPEC-322","TCP (ISN) Greatest Common Divisor Probe",[],{"id":604,"name":605,"techniques":606},"CAPEC-323","TCP (ISN) Counter Rate Probe",[],{"id":608,"name":609,"techniques":610},"CAPEC-324","TCP (ISN) Sequence Predictability Probe",[],{"id":612,"name":613,"techniques":614},"CAPEC-325","TCP Congestion Control Flag (ECN) Probe",[],{"id":616,"name":617,"techniques":618},"CAPEC-326","TCP Initial Window Size Probe",[],{"id":620,"name":621,"techniques":622},"CAPEC-327","TCP Options Probe",[],{"id":624,"name":625,"techniques":626},"CAPEC-328","TCP 'RST' Flag Checksum Probe",[],{"id":628,"name":629,"techniques":630},"CAPEC-329","ICMP Error Message Quoting Probe",[],{"id":632,"name":633,"techniques":634},"CAPEC-330","ICMP Error Message Echoing Integrity Probe",[],{"id":636,"name":637,"techniques":638},"CAPEC-472","Browser Fingerprinting",[],{"id":640,"name":641,"techniques":642},"CAPEC-497","File Discovery",[643],{"id":644,"name":645,"tactics":646,"countermeasures":648},"T1083","File and Directory Discovery",[647],{"id":244,"name":245},[649,651,653,655,657,659,661,663,665,667,669],{"id":72,"name":73,"tactic":650},{"name":75},{"id":77,"name":78,"tactic":652},{"name":75},{"id":89,"name":90,"tactic":654},{"name":92},{"id":98,"name":99,"tactic":656},{"name":101},{"id":112,"name":113,"tactic":658},{"name":106},{"id":121,"name":122,"tactic":660},{"name":119},{"id":134,"name":135,"tactic":662},{"name":128},{"id":130,"name":131,"tactic":664},{"name":128},{"id":138,"name":139,"tactic":666},{"name":128},{"id":125,"name":126,"tactic":668},{"name":128},{"id":142,"name":143,"tactic":670},{"name":128},{"id":672,"name":673,"techniques":674},"CAPEC-508","Shoulder Surfing",[],{"id":676,"name":677,"techniques":678},"CAPEC-573","Process Footprinting",[679],{"id":680,"name":681,"tactics":682,"countermeasures":684},"T1057","Process Discovery",[683],{"id":244,"name":245},[685,687,689,691,693,695],{"id":296,"name":297,"tactic":686},{"name":75},{"id":338,"name":339,"tactic":688},{"name":75},{"id":350,"name":351,"tactic":690},{"name":128},{"id":146,"name":147,"tactic":692},{"name":128},{"id":150,"name":151,"tactic":694},{"name":128},{"id":372,"name":373,"tactic":696},{"name":128},{"id":698,"name":699,"techniques":700},"CAPEC-574","Services Footprinting",[701],{"id":702,"name":703,"tactics":704,"countermeasures":706},"T1007","System Service Discovery",[705],{"id":244,"name":245},[707,709,711,713,715,717],{"id":296,"name":297,"tactic":708},{"name":75},{"id":338,"name":339,"tactic":710},{"name":75},{"id":350,"name":351,"tactic":712},{"name":128},{"id":146,"name":147,"tactic":714},{"name":128},{"id":150,"name":151,"tactic":716},{"name":128},{"id":372,"name":373,"tactic":718},{"name":128},{"id":720,"name":721,"techniques":722},"CAPEC-575","Account Footprinting",[723],{"id":724,"name":725,"tactics":726,"countermeasures":728},"T1087","Account Discovery",[727],{"id":244,"name":245},[729,733,737,741,745,749,753,757,761],{"id":730,"name":731,"tactic":732},"D3-AM","Access Modeling",{"name":70},{"id":734,"name":735,"tactic":736},"D3-LAM","Local Account Monitoring",{"name":75},{"id":738,"name":739,"tactic":740},"D3-DAM","Domain Account Monitoring",{"name":75},{"id":742,"name":743,"tactic":744},"D3-AL","Account Locking",{"name":92},{"id":746,"name":747,"tactic":748},"D3-AA","Agent Authentication",{"name":106},{"id":750,"name":751,"tactic":752},"D3-CDP","Change Default Password",{"name":106},{"id":754,"name":755,"tactic":756},"D3-ULA","Unlock Account",{"name":119},{"id":758,"name":759,"tactic":760},"D3-RUAA","Restore User Account Access",{"name":119},{"id":762,"name":763,"tactic":764},"D3-UAP","User Account Permissions",{"name":128},{"id":766,"name":767,"techniques":768},"CAPEC-576","Group Permission Footprinting",[769,775],{"id":770,"name":771,"tactics":772,"countermeasures":774},"T1069","Permission Groups Discovery",[773],{"id":244,"name":245},[],{"id":776,"name":777,"tactics":778,"countermeasures":780},"T1615","Group Policy Discovery",[779],{"id":244,"name":245},[781,783,787,789],{"id":67,"name":68,"tactic":782},{"name":70},{"id":784,"name":785,"tactic":786},"D3-NTPM","Network Traffic Policy Mapping",{"name":70},{"id":730,"name":731,"tactic":788},{"name":70},{"id":116,"name":117,"tactic":790},{"name":119},{"id":792,"name":793,"techniques":794},"CAPEC-577","Owner Footprinting",[795],{"id":796,"name":797,"tactics":798,"countermeasures":800},"T1033","System Owner/User Discovery",[799],{"id":244,"name":245},[801,805,807,809,811,815,819,821,823,827,831,835,839,841,843,847,851,853,857,859,861,863,865,867,869,873,875,879,883,887,889],{"id":802,"name":803,"tactic":804},"D3-DI","Data Inventory",{"name":70},{"id":72,"name":73,"tactic":806},{"name":75},{"id":77,"name":78,"tactic":808},{"name":75},{"id":296,"name":297,"tactic":810},{"name":75},{"id":812,"name":813,"tactic":814},"D3-PLA","Process Lineage Analysis",{"name":75},{"id":816,"name":817,"tactic":818},"D3-PSMD","Process Self-Modification Detection",{"name":75},{"id":338,"name":339,"tactic":820},{"name":75},{"id":89,"name":90,"tactic":822},{"name":92},{"id":824,"name":825,"tactic":826},"D3-PT","Process Termination",{"name":92},{"id":828,"name":829,"tactic":830},"D3-PS","Process Suspension",{"name":92},{"id":832,"name":833,"tactic":834},"D3-HR","Host Reboot",{"name":92},{"id":836,"name":837,"tactic":838},"D3-HS","Host Shutdown",{"name":92},{"id":98,"name":99,"tactic":840},{"name":101},{"id":112,"name":113,"tactic":842},{"name":106},{"id":844,"name":845,"tactic":846},"D3-PSEP","Process Segment Execution Prevention",{"name":106},{"id":848,"name":849,"tactic":850},"D3-SAOR","Segment Address Offset Randomization",{"name":106},{"id":121,"name":122,"tactic":852},{"name":119},{"id":854,"name":855,"tactic":856},"D3-RD","Restore Database",{"name":119},{"id":130,"name":131,"tactic":858},{"name":128},{"id":134,"name":135,"tactic":860},{"name":128},{"id":138,"name":139,"tactic":862},{"name":128},{"id":125,"name":126,"tactic":864},{"name":128},{"id":142,"name":143,"tactic":866},{"name":128},{"id":350,"name":351,"tactic":868},{"name":128},{"id":870,"name":871,"tactic":872},"D3-KBPI","Kernel-based Process Isolation",{"name":128},{"id":372,"name":373,"tactic":874},{"name":128},{"id":876,"name":877,"tactic":878},"D3-ABPI","Application-based Process Isolation",{"name":128},{"id":880,"name":881,"tactic":882},"D3-WSAM","Web Session Access Mediation",{"name":128},{"id":884,"name":885,"tactic":886},"D3-DTP","Domain Trust Policy",{"name":128},{"id":146,"name":147,"tactic":888},{"name":128},{"id":150,"name":151,"tactic":890},{"name":128},{"id":892,"name":893,"techniques":894},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":896,"name":897,"techniques":898},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[899,951],{"id":900,"name":901,"tactics":902,"countermeasures":906},"T1134.001","Token Impersonation/Theft",[903,904,905],{"id":60,"name":61},{"id":63,"name":64},{"id":161,"name":162},[907,911,915,919,923,927,931,935,939,943,947],{"id":908,"name":909,"tactic":910},"D3-CCSA","Credential Compromise Scope Analysis",{"name":75},{"id":912,"name":913,"tactic":914},"D3-CR","Credential Revocation",{"name":92},{"id":916,"name":917,"tactic":918},"D3-ANCI","Authentication Cache Invalidation",{"name":92},{"id":920,"name":921,"tactic":922},"D3-DUC","Decoy User Credential",{"name":101},{"id":924,"name":925,"tactic":926},"D3-CH","Credential Hardening",{"name":106},{"id":928,"name":929,"tactic":930},"D3-MFA","Multi-factor Authentication",{"name":106},{"id":932,"name":933,"tactic":934},"D3-CRO","Credential Rotation",{"name":106},{"id":936,"name":937,"tactic":938},"D3-TB","Token Binding",{"name":106},{"id":940,"name":941,"tactic":942},"D3-TBA","Token-based Authentication",{"name":106},{"id":944,"name":945,"tactic":946},"D3-RIC","Reissue Credential",{"name":119},{"id":948,"name":949,"tactic":950},"D3-CTS","Credential Transmission Scoping",{"name":128},{"id":952,"name":953,"tactics":954,"countermeasures":959},"T1550.004","Web Session Cookie",[955,956],{"id":60,"name":61},{"id":957,"name":958},"TA0109","Lateral Movement",[960,962,964,966,968,970,972,974,976,978,980,982,984,986,988,990,992,994,996,998,1000,1002,1004,1006,1008,1010,1012,1014,1016,1018],{"id":306,"name":307,"tactic":961},{"name":75},{"id":310,"name":311,"tactic":963},{"name":75},{"id":314,"name":315,"tactic":965},{"name":75},{"id":318,"name":319,"tactic":967},{"name":75},{"id":322,"name":323,"tactic":969},{"name":75},{"id":326,"name":327,"tactic":971},{"name":75},{"id":330,"name":331,"tactic":973},{"name":75},{"id":334,"name":335,"tactic":975},{"name":75},{"id":812,"name":813,"tactic":977},{"name":75},{"id":816,"name":817,"tactic":979},{"name":75},{"id":338,"name":339,"tactic":981},{"name":75},{"id":908,"name":909,"tactic":983},{"name":75},{"id":824,"name":825,"tactic":985},{"name":92},{"id":828,"name":829,"tactic":987},{"name":92},{"id":832,"name":833,"tactic":989},{"name":92},{"id":836,"name":837,"tactic":991},{"name":92},{"id":912,"name":913,"tactic":993},{"name":92},{"id":916,"name":917,"tactic":995},{"name":92},{"id":920,"name":921,"tactic":997},{"name":101},{"id":924,"name":925,"tactic":999},{"name":106},{"id":928,"name":929,"tactic":1001},{"name":106},{"id":932,"name":933,"tactic":1003},{"name":106},{"id":944,"name":945,"tactic":1005},{"name":119},{"id":364,"name":365,"tactic":1007},{"name":128},{"id":870,"name":871,"tactic":1009},{"name":128},{"id":350,"name":351,"tactic":1011},{"name":128},{"id":372,"name":373,"tactic":1013},{"name":128},{"id":876,"name":877,"tactic":1015},{"name":128},{"id":880,"name":881,"tactic":1017},{"name":128},{"id":948,"name":949,"tactic":1019},{"name":128},{"id":1021,"name":1022,"techniques":1023},"CAPEC-616","Establish Rogue Location",[1024],{"id":1025,"name":1026,"tactics":1027,"countermeasures":1030},"T1036.005","Match Legitimate Resource Name or Location",[1028,1029],{"id":60,"name":61},{"id":63,"name":64},[1031,1033,1035,1037,1039,1041,1043,1045,1047,1049,1051,1053,1055],{"id":296,"name":297,"tactic":1032},{"name":75},{"id":72,"name":73,"tactic":1034},{"name":75},{"id":77,"name":78,"tactic":1036},{"name":75},{"id":89,"name":90,"tactic":1038},{"name":92},{"id":98,"name":99,"tactic":1040},{"name":101},{"id":112,"name":113,"tactic":1042},{"name":106},{"id":121,"name":122,"tactic":1044},{"name":119},{"id":350,"name":351,"tactic":1046},{"name":128},{"id":130,"name":131,"tactic":1048},{"name":128},{"id":134,"name":135,"tactic":1050},{"name":128},{"id":138,"name":139,"tactic":1052},{"name":128},{"id":125,"name":126,"tactic":1054},{"name":128},{"id":142,"name":143,"tactic":1056},{"name":128},{"id":1058,"name":1059,"techniques":1060},"CAPEC-643","Identify Shared Files/Directories on System",[1061],{"id":1062,"name":1063,"tactics":1064,"countermeasures":1066},"T1135","Network Share Discovery",[1065],{"id":244,"name":245},[],{"id":1068,"name":1069,"techniques":1070},"CAPEC-646","Peripheral Footprinting",[1071],{"id":1072,"name":1073,"tactics":1074,"countermeasures":1076},"T1120","Peripheral Device Discovery",[1075],{"id":244,"name":245},[],{"id":1078,"name":1079,"techniques":1080},"CAPEC-651","Eavesdropping",[1081],{"id":1082,"name":1083,"tactics":1084,"countermeasures":1088},"T1111","Multi-Factor Authentication Interception",[1085],{"id":1086,"name":1087},"TA0031","Credential Access",[1089,1093],{"id":1090,"name":1091,"tactic":1092},"D3-HCI","Hardware Component Inventory",{"name":70},{"id":1094,"name":1095,"tactic":1096},"D3-RH","Radiation Hardening",{"name":106},{"id":37,"name":38,"techniques":1098},[],[],[],[],[],[],[],"2026-05-20T18:05:29.442Z","PUBLISHED",{"cisa_kev":1108,"cisa_ransomware":1108,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":1109,"severity_score":1110,"severity_version":1111,"severity_source":1112,"severity_vector":1113,"severity_status":1106},false,"critical",9.4,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[1115],{"url":1116,"sources":1117,"tags":1118},"https://www.altium.com/platform/security-compliance/security-advisories",[1112],[],[],[],[1122],{"source":1112,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":1123},{"baseScore":1110,"baseSeverity":1124,"vectorString":1113,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[1126],{"ecosystem":9,"name":1127,"vendor":1128,"product":1129,"cpe_part":1130,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1131},"Altium Enterprise Server","altium","altium enterprise server","a",[1132],{"version":1133,"is_range":1134,"range_type":1112,"version_start":9,"version_start_type":9,"version_end":1135,"version_end_type":1136,"fixed_in":9},"\u003C 8.0.4",true,"8.0.4","excluding"]