CVE-2026-1010
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data.
When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.
When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.
Vendor
Product
CWE
Yayın Tarihi
2026-01-15 23:15:51
Güncelleme
2026-01-23 19:31:41
Source Identifier
4760f414-e1ae-4ff1-bdad-c7a9c3538b79
KEV Date Added
-