PT-2026-3143 · Altium · Altium Workflow Engine

Joris Aerts · Published 2026-01-15 · Updated 2026-01-16 · CVE-2026-1010

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Altium Workflow Engine (affected versions not specified)

Description: A stored cross-site scripting (XSS) issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser, potentially allowing privilege escalation, including the creation of new administrator accounts, session token theft, and the execution of administrative actions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-1010

Affected Products: Altium Workflow Engine