FKIE_CVE-2026-1181

Vulnerability from fkie_nvd - Published: 2026-01-19 13:16 - Updated: 2026-01-26 15:05
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.
References
4760f414-e1ae-4ff1-bdad-c7a9c3538b79https://www.altium.com/platform/security-compliance/security-advisories
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments."
    },
    {
      "lang": "es",
      "value": "Los puntos finales del espacio de trabajo de Altium 365 fueron configurados con una pol\u00edtica de Intercambio de Recursos de Origen Cruzado (CORS) excesivamente permisiva que permit\u00eda solicitudes de origen cruzado con credenciales desde otros subdominios controlados por Altium, incluyendo forum.live.altium.com. Como resultado, el JavaScript que se ejecutaba en esos or\u00edgenes pod\u00eda acceder a las API autenticadas del espacio de trabajo en el contexto de un usuario con sesi\u00f3n iniciada. Cuando se encadena con vulnerabilidades en esas aplicaciones externas, esta mala configuraci\u00f3n permite el acceso no autorizado a los datos del espacio de trabajo, acciones administrativas y la elusi\u00f3n de los controles de inclusi\u00f3n en lista blanca de IP, incluso en entornos GovCloud."
    }
  ],
  "id": "CVE-2026-1181",
  "lastModified": "2026-01-26T15:05:39.840",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-19T13:16:20.543",
  "references": [
    {
      "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
      "url": "https://www.altium.com/platform/security-compliance/security-advisories"
    }
  ],
  "sourceIdentifier": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-942"
        }
      ],
      "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.