Stored Cross-Site Scripting Vulnerability in Altium 365 by Altium
CVE-2026-1008

7.6HIGH

Key Information:

Vendor: Altium
Status: Altium Live
Vendor: CVE Published:; 15 January 2026

What is CVE-2026-1008?

A stored cross-site scripting (XSS) vulnerability in Altium 365 enables authenticated users to exploit input fields in user profiles. Due to inadequate server-side input sanitization, attackers can inject arbitrary HTML and JavaScript payloads by using whitespace-based attribute parsing techniques. These injected scripts are saved and executed when other users access the affected profile page, posing risks such as session token theft, phishing attacks, and malicious redirects. Mitigation requires user interaction to trigger the attack, and only authenticated accounts can exploit this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Altium Live Web 0 <= 1.2.2

References

https://www.altium.com/platform/security-compliance/secur...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Jan 15, 2026

JSON

Altium