CVE-2026-1181 (GCVE-0-2026-1181)
Vulnerability from cvelistv5 – Published: 2026-01-19 12:00 – Updated: 2026-01-26 21:20
VLAI
Title
Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access
Summary
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Altium | Altium 365 |
Affected:
unspecified
(semver)
|
Date Public
2026-01-15 22:48
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T21:29:36.260341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:29:42.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Workspace API"
],
"platforms": [
"Web"
],
"product": "Altium 365",
"vendor": "Altium",
"versions": [
{
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-15T22:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments."
}
],
"value": "Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17 Accessing, Modifying, or Executing Executable Files"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation via Trust Boundary Violation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 \u2013 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:20:18.423Z",
"orgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"shortName": "Altium"
},
"references": [
{
"url": "https://www.altium.com/platform/security-compliance/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
"assignerShortName": "Altium",
"cveId": "CVE-2026-1181",
"datePublished": "2026-01-19T12:00:10.265Z",
"dateReserved": "2026-01-19T11:47:00.514Z",
"dateUpdated": "2026-01-26T21:20:18.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-1181",
"date": "2026-06-29",
"epss": "0.00308",
"percentile": "0.22391"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1181\",\"sourceIdentifier\":\"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\",\"published\":\"2026-01-19T13:16:20.543\",\"lastModified\":\"2026-06-17T10:15:16.987\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.\"},{\"lang\":\"es\",\"value\":\"Los puntos finales del espacio de trabajo de Altium 365 fueron configurados con una pol\u00edtica de Intercambio de Recursos de Origen Cruzado (CORS) excesivamente permisiva que permit\u00eda solicitudes de origen cruzado con credenciales desde otros subdominios controlados por Altium, incluyendo forum.live.altium.com. Como resultado, el JavaScript que se ejecutaba en esos or\u00edgenes pod\u00eda acceder a las API autenticadas del espacio de trabajo en el contexto de un usuario con sesi\u00f3n iniciada. Cuando se encadena con vulnerabilidades en esas aplicaciones externas, esta mala configuraci\u00f3n permite el acceso no autorizado a los datos del espacio de trabajo, acciones administrativas y la elusi\u00f3n de los controles de inclusi\u00f3n en lista blanca de IP, incluso en entornos GovCloud.\"}],\"affected\":[{\"source\":\"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\",\"affectedData\":[{\"vendor\":\"Altium\",\"product\":\"Altium 365\",\"defaultStatus\":\"affected\",\"modules\":[\"Workspace API\"],\"platforms\":[\"Web\"],\"versions\":[{\"version\":\"unspecified\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-20T21:29:36.260341Z\",\"id\":\"CVE-2026-1181\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-942\"}]}],\"references\":[{\"url\":\"https://www.altium.com/platform/security-compliance/security-advisories\",\"source\":\"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-20T21:29:36.260341Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-20T21:29:39.992Z\"}}], \"cna\": {\"title\": \"Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-122\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-122 Privilege Abuse\"}]}, {\"capecId\": \"CAPEC-17\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-17 Accessing, Modifying, or Executing Executable Files\"}]}, {\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation via Trust Boundary Violation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Altium\", \"modules\": [\"Workspace API\"], \"product\": \"Altium 365\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"semver\"}], \"platforms\": [\"Web\"], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-01-15T22:48:00.000Z\", \"references\": [{\"url\": \"https://www.altium.com/platform/security-compliance/security-advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-942\", \"description\": \"CWE-942 \\u2013 Permissive Cross-domain Policy with Untrusted Domains\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\", \"shortName\": \"Altium\", \"dateUpdated\": \"2026-01-26T21:20:18.423Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-26T21:20:18.423Z\", \"dateReserved\": \"2026-01-19T11:47:00.514Z\", \"assignerOrgId\": \"4760f414-e1ae-4ff1-bdad-c7a9c3538b79\", \"datePublished\": \"2026-01-19T12:00:10.265Z\", \"assignerShortName\": \"Altium\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…