PT-2026-3142 · Altium · Altium 365, Altium Forum

Joris Aerts · Published 2026-01-15 · Updated 2026-01-16 · CVE-2026-1009

CVSS v3.1: 9.0 Critical
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Altium Forum (affected versions not specified)

Description

A stored cross-site scripting (XSS) issue exists because of insufficient server-side input validation of forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts. This injected script is then stored and executed when other users view the compromised post. Successful exploitation allows the attacker’s code to run within the context of the victim’s authenticated Altium 365 session, potentially granting unauthorized access to workspace data, including design files and workspace settings. Exploitation requires a user to view a malicious forum post.

The API endpoint for forum post creation is susceptible to this issue, allowing injection of malicious code through the forum post content. The vulnerable parameter is the forum post content itself.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-1009

Affected Products

Altium 365
Altium Forum