
Pegasystems — Vulnerabilities & Security Advisories 40

Browse all 40 CVE security advisories affecting Pegasystems. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pegasystems provides enterprise software focused on business process management and customer relationship automation, primarily serving large organizations requiring complex workflow orchestration. With forty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, most notably remote code execution (RCE) and cross-site scripting (XSS). These vulnerabilities often stem from insufficient input validation within its web-based interfaces and API endpoints, allowing attackers to bypass authentication or escalate privileges. While specific major public breaches are not widely documented in open sources, the high volume of CVEs indicates persistent challenges in securing its extensive codebase. The company has issued numerous patches to address these issues, reflecting an ongoing effort to mitigate risks associated with its complex, internet-facing architecture.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1711 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. | Pega Infinity | CWE-79 | 4.8 | - | 2026-04-15 |
| CVE-2026-1564 | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | Pega Infinity | CWE-80 | 5.5 | - | 2026-04-15 |
| CVE-2026-1079 | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. | Pega Browser Extension (PBE) | CWE-284 | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-1078 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. | Pega Robot Studio | CWE-284 | 8.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2025-62184 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. | Pega Infinity | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2026-0898 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. | Pega Robot Studio | CWE-284 | 8.1 | - | 2026-03-23 |
| CVE-2025-62183 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low. | Pega Infinity | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-17 |
| CVE-2025-62182 | Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file. | Pega Infinity | CWE-434 | 7.2 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-62181 | Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | Pega Infinity | CWE-204 | 5.3 | Medium | 2025-12-10 |
| CVE-2025-9559 | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data | Pega Infinity | CWE-639 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-8681 | Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component | Pega Infinity | CWE-79 | 5.5 | Medium | 2025-09-10 |
| CVE-2025-2161 | Pegasystem Pega Platform security vulnerability | Pega Infinity | CWE-79 | 7.1 | High | 2025-04-14 |
| CVE-2025-2160 | Pegasystem Pega Platform security vulnerability | Pega Infinity | CWE-79 | 8.1 | High | 2025-04-14 |
| CVE-2024-12211 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-79 | 5.4 | Medium | 2025-01-13 |
| CVE-2024-10716 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-79 | 5.9 | Medium | 2024-12-05 |
| CVE-2024-10094 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-94 | 9.1 | Critical | 2024-11-20 |
| CVE-2024-6702 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-74 | 5.2 | Medium | 2024-09-12 |
| CVE-2024-6701 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-79 | 5.5 | Medium | 2024-09-12 |
| CVE-2024-6700 | Pegasystem PEGA Platform security vulnerability | Pega Infinity | CWE-79 | 5.5 | Medium | 2024-09-12 |
| CVE-2023-50168 | Pegasystem PEGA Platform code issue vulnerability | Pega Platform | CWE-611 | 7.7 | High | 2024-03-14 |
| CVE-2023-50167 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Platform | CWE-79 | 5.4 | Medium | 2024-03-06 |
| CVE-2023-50166 | Pegasystem PEGA Platform security vulnerability | Pega Platform | CWE-79 | 6.1 | Medium | 2024-01-31 |
| CVE-2023-50165 | Pegasystem PEGA Platform security vulnerability | Pega Platform | CWE-918 | 8.5 | High | 2024-01-31 |
| CVE-2023-32089 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Platform | CWE-79 | 4.6 | Medium | 2023-10-18 |
| CVE-2023-32088 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Platform | CWE-79 | 4.6 | Medium | 2023-10-18 |
| CVE-2023-32087 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Platform | CWE-79 | 4.6 | Medium | 2023-10-18 |
| CVE-2023-4843 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Platform | CWE-74 | 4.3 | Medium | 2023-09-08 |
| CVE-2023-32090 | Pegasystem PEGA Platform authorization issue vulnerability | Pega Platform | CWE-1393 | 9.8 | Critical | 2023-08-07 |
| CVE-2023-28094 | Pegasystem PEGA Platform security vulnerability | Pega Platform | CWE-1393 | 8.1 | High | 2023-06-22 |
| CVE-2023-26465 | Pegasystem PEGA Platform cross-site scripting vulnerability | Pega Infinity | CWE-79 | 6.1 | - | 2023-06-09 |

This page lists every published CVE security advisory associated with Pegasystems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.