Ctrl + K
/ news / CVE
CVEPublished 2026-06-05Modified 2026-06-080 articles on news6 live referencesNVD data

CVE-2026-11431

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
11
Exploit Prediction Scoring System · top 89% of all CVEs
Weaknesses (CWE)
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-200Exposure of Sensitive Information to an Unauthorized Actor
Description

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files (including entire directories returned as archives) to be read from the server filesystem. Because the readable files include service configuration and credential material, exploitation can be used to gather information enabling further compromise. The issue can be combined with CVE-2026-11424 to reach the cloud-side endpoint. On multi-tenant Altium 365 deployments, the readable configuration could have exposed credentials shared across services. Altium Enterprise Server is fixed in 8.1.1; the issue has been remediated in Altium 365 at the service level.

Timeline
Published 2026-06-05
Modified 2026-06-08

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-11431
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-11431
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-11431
Censys host search filtered to this CVE id.
grep.app
CVE-2026-11431
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-11431
GitHub code search for direct mentions.
Google dork
"CVE-2026-11431" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (3)

CVE-2026-114313 repos
Xuchen-Li/cv-arxiv-dailyPython
Automatically update arXiv papers about SOT & VLT, Multi-modal Learning, LLM and Video Understanding using Github Actions.
★ 46·updated today
XuzhaoLi/ro-arxiv-dailyPython
Automatically Update Arxiv Papers about Path Planning, LLM and Autonomous Driving using Github Actions since 2024.2.
★ 37·updated today
cnlinxi/LLM-paper-dailyPython
Automatically Update LLM Papers Daily using Github Actions. Ref: https://github.com/Vincentqyw/cv-arxiv-daily
★ 10·updated today
We haven't classified any articles referencing CVE-2026-11431 yet. The external references above still apply.