Stored Cross-Site Scripting Vulnerability in Altium Support Center
CVE-2026-1011
6.1 MEDIUM
What is CVE-2026-1011?
A stored cross-site scripting (XSS) vulnerability has been identified in the Altium Support Center. This issue arises from inadequate server-side input sanitization at the AddComment endpoint, allowing attackers to inject arbitrary HTML and JavaScript through manipulated POST requests. Although the frontend implements HTML escaping, the backend lacks sufficient validation, causing the injected content to be rendered without alteration when support cases are accessed by other users, including support personnel with higher privileges. This vulnerability can potentially lead to the execution of malicious JavaScript in a victim's browser, posing significant risks to user security and data integrity.
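The gap described above, as an added example that is not Altium's code: a server that relies on the client having escaped a comment, beside one that encodes stored text when rendering, plus a regression check that parses the rendered output. CommentStore, the render functions, unexpected_tags and the sample comment are hypothetical names and constructed data.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a comment body sent straight to the server in a POST,
# so the frontend's HTML escaping never runs on it.
RAW_COMMENT = '<img src=x onerror="alert(1)">'


class CommentStore:
    """Hypothetical in-memory stand-in for the support-case comment table."""

    def __init__(self):
        self._rows = []

    def add(self, case_id, author, body):
        # Store the text as submitted; encoding is applied on output.
        self._rows.append((case_id, author, body))

    def for_case(self, case_id):
        return [(a, b) for c, a, b in self._rows if c == case_id]


def render_trusting_client(store, case_id):
    """Flawed pattern: the server assumes the client already escaped."""
    return "".join(f"<li><b>{a}</b>: {b}</li>" for a, b in store.for_case(case_id))


def render_encoded(store, case_id):
    """Server encodes every stored field for the HTML context when rendering."""
    esc = lambda s: html.escape(s, quote=True)
    return "".join(f"<li><b>{esc(a)}</b>: {esc(b)}</li>" for a, b in store.for_case(case_id))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(fragment, allowed=("li", "b")):
    """Regression check: elements in rendered output that the template never emits."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return [t for t in collector.tags if t not in allowed]
```

html.escape covers HTML body text and quoted attribute values only; stored text placed into a script block, URL or CSS needs the encoder for that context.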
Affected Version(s)
Altium Live Web 0 <= 1.1.1.39
