CVE-2026-1009 in Altiumالمعلومات

الملخص

بحسب MITRE • 16/01/2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Altium

حجز

15/01/2026

إفشاء

16/01/2026

الاعتدال

تمت الموافقة

إدخال

VDB-341550

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

5.4 (NVD)

EPSS

0.00022

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1009
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1009
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1009/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!