CVE-2026-1010 in 365informação

Sumário

de MITRE • 16/01/2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data.

When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Altium

Reservar

15/01/2026

Divulgação

16/01/2026

Moderação

aceite

Entrada

VDB-341549

CPE

pronto

CWE

CWE-79 (confirmado)

CVSS

5.4 (NVD)

EPSS

0.00019

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1010
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1010
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1010/

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!