{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T00:33:08.891","vulnerabilities":[{"cve":{"id":"CVE-2026-1010","sourceIdentifier":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","published":"2026-01-15T23:15:51.323","lastModified":"2026-01-23T19:31:41.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data.\n\nWhen an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting (XSS) almacenado existe en el Altium Workflow Engine debido a la falta de saneamiento de entrada del lado del servidor en las API de envío de formularios de flujo de trabajo. Un usuario autenticado regular puede inyectar JavaScript arbitrario en los datos del flujo de trabajo.\n\nCuando un administrador ve el flujo de trabajo afectado, la carga útil inyectada se ejecuta en el contexto del navegador del administrador, permitiendo la escalada de privilegios, incluyendo la creación de nuevas cuentas de administrador, el robo de tokens de sesión y la ejecución de acciones administrativas."}],"metrics":{"cvssMetricV31":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:altium:on-prem_enterprise_server:8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CDEBB57C-6A6D-4FC9-BA14-8324F1F7661C"}]}]}],"references":[{"url":"https://www.altium.com/platform/security-compliance/security-advisories","source":"4760f414-e1ae-4ff1-bdad-c7a9c3538b79","tags":["Vendor Advisory"]}]}}]}