CVE-2026-9024
Awaiting Analysis Awaiting Analysis - Queue

Stored XSS in DELMIA Process Experience Studio

Vulnerability report for CVE-2026-9024, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Dassault Systèmes

Description

A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-07-11
AI Q&A
2026-06-02
EPSS Evaluated
2026-07-10
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
dassault_systèmes delmia_service_process_engineer From 3DEXPERIENCE_R2024x (inc) to 3DEXPERIENCE_R2026x (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how the Stored Cross-site Scripting (XSS) vulnerability in DELMIA Service Process Engineer affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can have a high impact as it allows attackers to execute arbitrary scripts in the context of a user's browser session.

  • Attackers could steal sensitive information such as session tokens or personal data.
  • It could lead to unauthorized actions performed on behalf of the user.
  • The vulnerability could be used to deliver malicious payloads or redirect users to malicious sites.
Executive Summary

CVE-2026-9024 is a Stored Cross-site Scripting (XSS) vulnerability that affects the Process Experience Studio component in DELMIA Service Process Engineer. This vulnerability exists in releases from 3DEXPERIENCE R2024x through 3DEXPERIENCE R2026x.

An attacker exploiting this vulnerability can inject and execute arbitrary script code within a user's browser session when interacting with the affected software.

Mitigation Strategies

This vulnerability is a Stored Cross-site Scripting (XSS) affecting Process Experience Studio in DELMIA Service Process Engineer from 3DEXPERIENCE R2024x through R2026x.

To mitigate this vulnerability, you should refer to the remediation information provided by Dassault Systèmes in their security advisories. Applying any available patches or updates for the affected releases is recommended to prevent exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart