CVE-2026-1564 Pega Platform — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	5.1 (MEDIUM)
Affected Versions	8.1.0 — 25.1.1
Type	CWE-80 (Improper Neutralization of Script-Related HTML Tags (XSS))
Vendor	Pega Platform
Public PoC	No

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-80 Improper Neutralization of Script-Related HTML Tags (XSS)

References 1

https://support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-r…

security@pega.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1711

Pega Platform

4.8

CVE-2025-62184

Pega

4.8

CVE-2025-62183

Pega Platform

4.8

Menu

CVE-2026-1564

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1711

CVE-2025-62184

CVE-2025-62183

CVE Details

Editor's Choice

Menu

CVE-2026-1564

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1711

CVE-2025-62184

CVE-2025-62183

CVE Details

Editor's Choice

Stay informed on cybersecurity