CVE-2026-1181
Published: 19 January 2026
Summary
CVE-2026-1181 is a critical-severity Improper Access Control (CWE-284) vulnerability in Altium 365 (product inferred from references). Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 6.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-4 (Information Flow Enforcement): Enforces approved authorizations for controlling information flows between origins and subdomains, directly preventing the credentialed cross-origin requests enabled by permissive CORS policies.
- CM-6 (Configuration Settings): Mandates secure and restrictive configuration settings for web endpoints, including CORS headers, to block unauthorized access from untrusted Altium subdomains.
- Enforces logical access controls on workspace APIs to limit unauthorized data access and administrative actions even if cross-origin requests occur.
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Direct exploitation of the permissive CORS policy on public-facing Altium 365 web workspace APIs enables cross-origin authenticated access and administrative actions from compromised subdomains.
NVD Description
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.
Deeper analysis
CVE-2026-1181, published on 2026-01-19, affects Altium 365 workspace endpoints due to an overly permissive Cross-Origin Resource Sharing (CORS) policy. This configuration permitted credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. Consequently, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-284 (Improper Access Control) and CWE-942 (Permissive Cross-domain Policy with Untrusted Domains).
Attackers require low privileges (PR:L) and user interaction (UI:R), such as tricking a logged-in user into executing malicious JavaScript on permitted Altium subdomains. When chained with vulnerabilities in those external applications, exploitation allows unauthorized access to workspace data, execution of administrative actions, and circumvention of IP allowlisting controls, even in GovCloud environments. The cross-origin scope expansion (S:C) enables high confidentiality, integrity, and availability impacts.
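To make the misconfiguration concrete, the following added example (not Altium's code or configuration; the hostnames, function names and allowlist are constructed placeholders) puts a "trust every sibling subdomain" CORS policy beside an exact-origin allowlist and models the browser-side check that decides whether script on a given origin can read a credentialed workspace API response:

```python
from urllib.parse import urlsplit

# Constructed sample origins; the hostnames are placeholders, not Altium's.
WORKSPACE_ORIGIN = "https://workspace.example-eda.test"
FORUM_ORIGIN = "https://forum.live.example-eda.test"   # a sibling subdomain
APEX = "example-eda.test"

def permissive_cors_headers(origin: str) -> dict:
    """'Before': trust every subdomain of the company apex and allow credentials.
    This is the shape of the misconfiguration in CVE-2026-1181: any sibling
    subdomain (a forum, a marketing site) becomes a credentialed caller."""
    host = urlsplit(origin).hostname or ""
    if host == APEX or host.endswith("." + APEX):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {"Vary": "Origin"}

def strict_cors_headers(origin: str, allowlist=frozenset({WORKSPACE_ORIGIN})) -> dict:
    """'After': exact-match allowlist of full origins (scheme, host, port).
    Unlisted origins get no Access-Control-Allow-Origin at all, so the browser
    withholds the response body from cross-origin script."""
    if origin in allowlist:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {"Vary": "Origin"}

def browser_permits_credentialed_read(headers: dict, origin: str) -> bool:
    """Model of the browser check for fetch(..., credentials='include'):
    ACAO must equal the requesting origin exactly (the '*' wildcard is rejected
    when credentials are sent) and ACAC must be the literal string 'true'."""
    return (headers.get("Access-Control-Allow-Origin") == origin
            and headers.get("Access-Control-Allow-Credentials") == "true")

def exposure(policy, origin: str) -> bool:
    """True if script running on `origin` could read an authenticated workspace
    API response under the given policy function."""
    return browser_permits_credentialed_read(policy(origin), origin)

if __name__ == "__main__":
    for origin in (WORKSPACE_ORIGIN, FORUM_ORIGIN, "https://attacker.test"):
        print(f"{origin:40} permissive={exposure(permissive_cors_headers, origin)} "
              f"strict={exposure(strict_cors_headers, origin)}")
```

Under the permissive policy the forum origin can read workspace responses with the user's cookies; under the exact allowlist only the workspace origin itself can, which is the behaviour the CM-6 and AC-4 controls above call for.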
Mitigation details are available in Altium's security advisory at https://www.altium.com/platform/security-compliance/security-advisories.