Browse all 40 CVE security advisories affecting Pegasystems. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pegasystems provides enterprise software focused on business process management and customer relationship automation, primarily serving large organizations requiring complex workflow orchestration. With forty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, most notably remote code execution (RCE) and cross-site scripting (XSS). These vulnerabilities often stem from insufficient input validation within its web-based interfaces and API endpoints, allowing attackers to bypass authentication or escalate privileges. While specific major public breaches are not widely documented in open sources, the high volume of CVEs indicates persistent challenges in securing its extensive codebase. The company has issued numerous patches to address these issues, reflecting an ongoing effort to mitigate risks associated with its complex, internet-facing architecture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1078 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. — Pega Robot Studio, CWE-284 | 8.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-0898 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. — Pega Robot Studio, CWE-284 | 8.1 | - | 2026-03-23 |
This page lists every published CVE security advisory associated with Pegasystems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.