CVE-2026-1078

UNKNOWN 0.0

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur if a Robot Runtime user navigates to the malicious website.

CWE	CWE-284
Vendor	pegasystems
Product	pega robot studio
Published	Apr 7, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for pegasystems pega robot studio

Be the first to know when new unknown vulnerabilities affecting pegasystems pega robot studio are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Pegasystems / Pega Robot Studio

22.1 R25

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.pega.com: https://support.pega.com/support-doc/pega-security-advisory-a26-vulnerability-remediation-note

Credits

Ramon Dunker from Achmea, Security Assessment Team