CRITICAL · CVE-2026-1009 · CVSS 9

CVE-2026-1009: XSS in Altium Live Forum

Platform: other

Component: altium-live-forum

Fixed in: 1.2.3

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

A stored cross-site scripting (XSS) vulnerability has been identified in Altium Live Forum versions 0 through 1.2.2. This flaw arises from insufficient server-side input sanitization of forum post content. Successful exploitation allows an attacker to inject and execute arbitrary JavaScript code within forum posts, potentially compromising user sessions and sensitive data. The vulnerability is resolved in version 1.2.3.

Impact and Attack Scenarios

The impact of this XSS vulnerability is significant. An authenticated attacker can inject malicious JavaScript into forum posts, which are then stored and executed when other users view the affected post. This allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session. This can lead to unauthorized access to workspace data, including sensitive design files and workspace settings. The attacker could potentially steal credentials, modify designs, or perform other malicious actions within the compromised workspace. The requirement for user interaction to view the malicious post slightly mitigates the risk, but widespread forum usage increases the potential for exploitation.

Exploitation Context

CVE-2026-1009 was publicly disclosed on 2026-01-15. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature and CRITICAL CVSS score suggest a high likelihood of exploitation. It is not currently listed in the CISA KEV catalog. The requirement for user interaction to trigger the vulnerability may limit its immediate exploitability, but the potential impact warrants careful attention.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.01% (3rd percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base score: 9.0 (CRITICAL) (nextguardhq.com, CVSS v3.1 base score)

What do these metrics mean?

- Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
- User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
- Scope: Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
- Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
- Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
- Availability: High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: altium-live-forum
Vendor: Altium
Affected range: 0 – 1.2.2
Fixed in: 1.2.3

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-1009 is to upgrade Altium Live Forum to version 1.2.3 or later, which includes the necessary input sanitization fixes. If upgrading immediately is not feasible, consider temporarily restricting user permissions within the forum to limit the potential impact of successful exploitation. Monitor forum activity for suspicious posts or unusual user behavior. While a direct WAF rule is difficult to implement without specific payload signatures, general XSS filtering rules can provide a baseline level of protection. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple JavaScript payload into a forum post and verifying that it is not executed.
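As an added illustration (not Altium's code, and not the Live Forum's actual render path), the block below contrasts the unencoded post rendering the advisory describes with an output-encoded variant, and adds a small monitor that flags stored posts carrying active markup for the interim period before an upgrade. The post records and their field names are constructed for the example.

```javascript
// Added example, not Altium's code: a forum post render path in its
// unsafe and encoded variants, plus a monitor that flags stored posts
// carrying active markup. Sample posts below are constructed.

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern described in the advisory: post content is
// inserted into the page verbatim, so any markup in the body is live.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.body}</div>`;
}

// Hardened variant: every untrusted field is entity-encoded on output,
// so a body containing <script> is displayed as text, never executed.
function renderPostSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.body)}</div>`;
}

// Heuristic indicators of active content in a stored post body, for
// reviewing existing posts on an instance that is not yet upgraded.
// These are review hints, not a sanitizer; encoding on output is the fix.
const ACTIVE_CONTENT = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /javascript\s*:/i },
  { name: "embedding-tag", re: /<\s*(iframe|object|embed|svg)\b/i },
];

// Returns the names of the indicators that matched a post body.
function flagSuspiciousPost(post) {
  return ACTIVE_CONTENT.filter((ind) => ind.re.test(post.body)).map((ind) => ind.name);
}

// Returns the ids of posts that warrant manual review.
function auditPosts(posts) {
  return posts.filter((p) => flagSuspiciousPost(p).length > 0).map((p) => p.id);
}

// Constructed sample posts (not real forum data).
const SAMPLE_POSTS = [
  { id: 1, author: "alice", body: "Has anyone tried the 1.2.3 release yet?" },
  { id: 2, author: "mallory", body: "Nice board! <script>alert(1)</script>" },
  { id: 3, author: "bob", body: "Use <b>bold</b> for emphasis, it's <3" },
];
```

Running `auditPosts(SAMPLE_POSTS)` reports only post 2, while `renderPostSafe` turns its script tag into inert text; bob's angle brackets are encoded too, which is the expected cost of encoding everything rather than trying to recognise "harmless" markup.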

How to fix

Update Altium Live to a version later than 1.2.2. This will fix the stored XSS vulnerability in the forum. See the Altium security advisory for more details.


Frequently asked questions

What is CVE-2026-1009 — XSS in Altium Live Forum?

CVE-2026-1009 is a CRITICAL stored cross-site scripting (XSS) vulnerability in Altium Live Forum versions 0 through 1.2.2, allowing attackers to inject malicious JavaScript into forum posts.

Am I affected by CVE-2026-1009 in Altium Live Forum?

If you are using Altium Live Forum versions 0–1.2.2, you are potentially affected by this vulnerability. Upgrade to version 1.2.3 or later to mitigate the risk.

How do I fix CVE-2026-1009 in Altium Live Forum?

The recommended fix is to upgrade Altium Live Forum to version 1.2.3 or later. Consider temporary restrictions on user permissions if immediate upgrade is not possible.

Is CVE-2026-1009 being actively exploited?

While no public exploits are currently known, the CRITICAL severity and public disclosure suggest a high likelihood of exploitation. Monitor your forum closely.

Where can I find the official Altium advisory for CVE-2026-1009?

Please refer to the official Altium security advisory for detailed information and updates regarding CVE-2026-1009: [https://www.altium.com/security/advisories/altium-live-forum-xss-vulnerability](https://www.altium.com/security/advisories/altium-live-forum-xss-vulnerability)
