Cyber Posture

CVE-2026-1009

Critical

Published: 15 January 2026
Modified: 23 January 2026
CVSS Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.8th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-1009 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Altium Live (vendor: Altium). Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). Its EPSS exploit likelihood ranks at the 4.8th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Browser Session Hijacking (T1185) and one other technique (Steal Web Session Cookie, T1539). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (SI-10, Information Input Validation): Directly mandates server-side validation and sanitization of forum post content to block injection of arbitrary JavaScript payloads.

prevent (SI-15, Information Output Filtering): Requires filtering and encoding of stored forum post content during output to prevent execution of XSS payloads in victims' browsers.

prevent: Enforces restrictions on forum post inputs to limit content types and prevent processing of malicious JavaScript.

MITRE ATT&CK Enterprise Techniques

T1185 Browser Session Hijacking (tactic: Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

T1539 Steal Web Session Cookie (tactic: Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

Why these techniques?

Stored XSS enables arbitrary JS execution in victim browser sessions, directly facilitating session hijacking and cookie theft for unauthorized data access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successful exploitation allows the attacker's payload to execute in the context of the victim's authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.

Deeper analysis

CVE-2026-1009 is a stored cross-site scripting (XSS) vulnerability in the Altium Forum, caused by missing server-side input sanitization of forum post content. It affects Altium 365, where authenticated users can post content that leads to arbitrary JavaScript injection. The issue is associated with CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-284 (Improper Access Control), earning a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

An authenticated attacker with forum posting privileges can exploit this by injecting malicious JavaScript into a post, which is then stored on the server. When other authenticated Altium 365 users view the affected post, the payload executes in the context of their browser session, granting the attacker unauthorized access to the victim's workspace data, including design files and settings. Successful exploitation requires user interaction, as victims must view the malicious post.

Altium has published a security advisory with further details on this vulnerability, available at https://www.altium.com/platform/security-compliance/security-advisories.
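The two render paths below are an added example written for this page, not Altium's code or anything from the advisory: the first interpolates the stored post body verbatim (the missing-sanitization pattern the description implies), the second applies output encoding where the field meets the template (the SI-15 control listed above). The post object, field names and function names are constructed assumptions.

```javascript
// Added example for this page, not Altium's code: stored forum-post content
// rendered (a) by string concatenation, the pattern the NVD description
// implies, and (b) with output encoding at the render point (NIST SI-15).
// Field and function names are constructed for illustration.

// Encode the characters that let stored text break out of an HTML text node
// or a quoted attribute value; the browser then shows them literally.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored body is interpolated verbatim, so whatever
// one author typed becomes markup in every later viewer's session.
function renderPostVulnerable(post) {
  return `<article><h2>${post.title}</h2><div>${post.body}</div></article>`;
}

// Hardened pattern: every untrusted field is encoded where it meets the
// template, regardless of what the write path accepted and stored.
function renderPostSafe(post) {
  return `<article><h2>${escapeHtml(post.title)}</h2>` +
         `<div>${escapeHtml(post.body)}</div></article>`;
}

// Regression check: count tag openers ("<" followed by a letter or "/").
// The template contributes exactly six; any extra came from post content.
const TEMPLATE_TAG_COUNT = 6;
function countTags(html) {
  return (html.match(/<[a-z\/]/gi) || []).length;
}
function leaksMarkup(html) {
  return countTags(html) > TEMPLATE_TAG_COUNT;
}

// Constructed sample post: benign text that happens to contain "<" and a
// bold tag. The vulnerable renderer turns the tag into live markup.
const samplePost = {
  title: 'Op-amp question',
  body: 'Vin < Vref, see <b>page 3</b>',
};

console.log(leaksMarkup(renderPostVulnerable(samplePost))); // true
console.log(leaksMarkup(renderPostSafe(samplePost)));       // false
```

The tag-count check is a cheap test-suite guard, not a substitute for encoding: it only proves that the safe renderer emits no markup that the template did not contribute.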

Details

CWE(s)

CWE-79 (Improper Neutralization of Input During Web Page Generation), CWE-284 (Improper Access Control)

Affected Products

Vendor: altium
Product: altium live
Version: 1.2.2

CVEs Like This One

CVE-2026-1008: same product (Altium Altium Live)
CVE-2025-27380: same vendor (Altium)
CVE-2025-24885: shared CWE-284, CWE-79
CVE-2026-1010: same vendor (Altium)
CVE-2025-27378: same vendor (Altium)
CVE-2026-27070: shared CWE-79
CVE-2026-4108: shared CWE-79
CVE-2025-23429: shared CWE-79
CVE-2025-26585: shared CWE-79
CVE-2026-32277: shared CWE-79

References

Altium security advisories: https://www.altium.com/platform/security-compliance/security-advisories