Sicherheitswarnungen

Description

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques.

The injected payload is persisted and executed when other users view the affected profile page. Successful exploitation could allow an attacker to perform actions such as session token theft, phishing attacks, or malicious redirections in the context of the victim’s browser session.

Exploitation requires an authenticated account and user interaction to view the crafted profile but does not require elevated privileges.

CVSS: 7.6

Detail of Vulnerability: CVE Record: CVE-2026-1008

Affected Products

• Product: Altium Live
• Affected version: 1.2.2
• Mitigated version: 1.2.3

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.0
• Date: 16 January 2025
• Description: Post new finding

Description

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post.Successful exploitation allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.

CVSS: 9.0

Detail of Vulnerability: CVE Record: CVE-2026-1009

Affected Products

• Product: Altium Live
• Affected version: 1.2.2
• Mitigated version: 1.2.3

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.0
• Date: 16 January 2025
• Description: Post new finding

Description

An over-permissive Cross-Origin Resource Sharing (CORS) configuration was identified in the Altium 365 workspace web application. The workspace was configured to allow credentialed cross-origin requests from other Altium-controlled subdomains (for example, forum.live.altium.com) via the Access-Control-Allow-Origin and Access-Control-Allow-Credentials response headers.

As a result, JavaScript executing on those external origins could perform authenticated requests to Altium 365 workspace endpoints in the context of a logged-in user. When chained with vulnerabilities such as stored cross-site scripting (XSS) in those external applications, this misconfiguration could enable unauthorized access to workspace data, execution of administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.

This issue represents a trust boundary failure in the Altium 365 platform, where untrusted or less-trusted applications were permitted to interact with sensitive workspace APIs.

CVSS: 9.0

Detail of Vulnerability: CVE Record: CVE-2026-1181

Affected Products

• Product: Altium 365
• Affected version: All versions prior to the CORS configuration fix
• Mitigated version: Configuration update applied

Recommendations

• No customer action required

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.0
• Date: 16 January 2025
• Description: Post new finding

Description

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data.

When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.

CVSS: 8.0

Detail of Vulnerability: CVE Record: CVE-2026-1010

Affected Products

• Product: Altium Enterprise Server
• Affected version: 8.0.1
• Mitigated version: TBD

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.0
• Date: 16 January 2025
• Description: Post new finding

Description

A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests.The injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim’s browser context.

CVSS: 6.1

Detail of Vulnerability: CVE Record: CVE-2026-1011

Affected Products

• Product: Altium Live
• Affected version: 1.1.1.39
• Mitigated version: 1.1.1.40

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.0
• Date: 16 January 2025
• Description: Post new finding

Description

Altium 24.9.0 does not validate the self signed server certificate, including for cloud connections. This allows for MITM attacks that can steal sensitive data including authentication credentials or design data.

CVSS: 5.3

Detail of Vulnerability: CVE-2025-27377

Affected Products

• Product: Altium Designer, AES
• Affected version: 24.9
• Mitigated version: 25.2

Recommendations

• Update to latest version
   

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.1
• Date: 04 April 2025
• Description: Add acknowledgement

Description

BOM Viewer on AES7.0.3 does not sanitize all fields. Script execution can be achieved by creating a schematic with a javascript payload in the Description field

CVSS: 6.8
Detail of Vulnerability: CVE-2025-27379

Affected Products

• Product: AES
• Affected version: 7.0.3
• Mitigated version: 7.0.6

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.1
• Date: 04 April 2025
• Description: Add acknowledgement

Description

An inactive configuration allows SQL injection to occur by not activating the latest implementation of SQL parsing logic.

CVSS: 8.6
Detail of Vulnerability: CVE-2025-27378

Affected Products

• Product: AES
• Affected version: 7.0.3
• Mitigated version: 7.0.6

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.1
• Date: 04 April 2025
• Description: Add acknowledgement

Description

Stealing Session ID through Project Release.

CVSS: 7.6
Detail of Vulnerability: CVE-2025-27380

Affected Products

• Product: AES
• Affected version: 7.0.3
• Mitigated version: 7.0.6

Recommendations

• Update to latest version

Acknowledgements

Joris Aerts

Revision History

• Revision: 1.1
• Date: 04 April 2025
• Description: Add acknowledgement