PT-2026-3437 · Altium · Altium 365, Altium Forum

Joris Aerts · Published 2026-01-19 · Updated 2026-01-24 · CVE-2026-1181

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Altium Forum (affected versions not specified)

Description
A stored cross-site scripting (XSS) issue exists in the Altium Forum because of insufficient server-side input sanitization of forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts. This injected script is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute within the context of the victim’s authenticated Altium 365 session, potentially enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires a user to view a malicious forum post.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS
Improper Access Control

Weakness Enumeration

Related Identifiers
CVE-2026-1181

Affected Products
Altium 365
Altium Forum