CVE-2026-9024
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in DELMIA Process Experience Studio

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Dassault Systèmes

Description
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-9024
EUVD
EUVD-2026-33604
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dassault_systèmes delmia_service_process_engineer From 3DEXPERIENCE_R2024x (inc) to 3DEXPERIENCE_R2026x (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have a high impact as it allows attackers to execute arbitrary scripts in the context of a user's browser session.

  • Attackers could steal sensitive information such as session tokens or personal data.
  • It could lead to unauthorized actions performed on behalf of the user.
  • The vulnerability could be used to deliver malicious payloads or redirect users to malicious sites.
Executive Summary

CVE-2026-9024 is a Stored Cross-site Scripting (XSS) vulnerability that affects the Process Experience Studio component in DELMIA Service Process Engineer. This vulnerability exists in releases from 3DEXPERIENCE R2024x through 3DEXPERIENCE R2026x.

An attacker exploiting this vulnerability can inject and execute arbitrary script code within a user's browser session when interacting with the affected software.

Mitigation Strategies

This vulnerability is a Stored Cross-site Scripting (XSS) affecting Process Experience Studio in DELMIA Service Process Engineer from 3DEXPERIENCE R2024x through R2026x.

To mitigate this vulnerability, you should refer to the remediation information provided by Dassault Systèmes in their security advisories. Applying any available patches or updates for the affected releases is recommended to prevent exploitation.

Compliance Impact

The provided information does not specify how the Stored Cross-site Scripting (XSS) vulnerability in DELMIA Service Process Engineer affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart