PT-2026-3144 · Altium · Altium Support Center

Joris Aerts · Published 2026-01-15 · Updated 2026-01-16 · CVE-2026-1011

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Altium Support Center (affected versions not specified)

Description
A stored cross-site scripting (XSS) issue exists in the AddComment API endpoint, caused by a lack of server-side input sanitization. The client interface applies HTML escaping, but the backend stores arbitrary HTML and JavaScript received through modified POST requests. As a result, arbitrary JavaScript executes in the browser of any user who views the affected support case, including users with elevated privileges. The vulnerable parameter is the POST request body of the AddComment endpoint.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
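
The weakness class described above, shown as an added example that is not from the advisory or from Altium: a comment renderer that trusts client-side escaping next to one that HTML-encodes the stored body at output, plus an audit helper for already stored comments. All function names and sample comments are constructed, and the audit assumes the legitimate client escapes text before submitting it.

```javascript
// Hypothetical comment rendering code; not Altium Support Center source.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: the server assumes the client already escaped the body,
// so whatever was stored is emitted into the page unchanged.
function renderCommentTrustingClient(comment) {
  return `<div class="comment">${comment.body}</div>`;
}

// Hardened pattern: the stored body is treated as plain text and encoded
// at output time, regardless of what the submitting client did.
function renderCommentEncoded(comment) {
  return `<div class="comment">${escapeHtml(comment.body)}</div>`;
}

// Audit helper (assumption: the legitimate client escapes before submitting).
// Under that assumption a stored body never contains a raw '<' or '>', so any
// comment that does was submitted by a request that bypassed the client.
function findUnescapedComments(comments) {
  return comments.filter((c) => /[<>]/.test(c.body)).map((c) => c.id);
}

// Constructed sample data standing in for stored support-case comments.
const SAMPLE_COMMENTS = [
  { id: 1, body: 'Board fails DRC after update' },
  { id: 2, body: 'see &lt;b&gt;log&lt;/b&gt; attached' }, // as the normal client sends it
  { id: 3, body: '<script>alert(1)</script>' },           // body stored without escaping
];

for (const c of SAMPLE_COMMENTS) {
  console.log(c.id, renderCommentEncoded(c));
}
console.log('needs review:', findUnescapedComments(SAMPLE_COMMENTS));
```

Once the server encodes at output, a client that also escapes before submitting will display doubled entities (comment 2 above), so the escaping should live in one place, on the server.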

Improper Encoding or Escaping of Output

XSS

Weakness Enumeration

Related Identifiers
CVE-2026-1011

Affected Products
Altium Support Center