CVE-2026-1008

Stored Cross-Site Scripting in Altium Live User Profile Fields

Description

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.

INFO

Published Date :

2026-01-15T22:24:16.136Z

Last Modified :

2026-01-19T11:42:46.627Z

Source :

Altium

AFFECTED PRODUCTS

The following products are affected by CVE-2026-1008 vulnerability.

Vendors	Products
Altium	Altium 365 Altium Live

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1008.

URL	Resource
https://www.altium.com/platform/security-compliance/security-advisories

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact