PT-2026-30847 · Pegasystems · Pega Browser Extension
Ramon Dunker
·
Published
2026-04-07
·
Updated
2026-04-07
·
CVE-2026-1079
CVSS v4.0
6.0
Medium
| AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigates to this website. The malicious website could then present an unexpected message box.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pega Browser Extension