CVE-2026-1711 Pega Platform — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.8 (MEDIUM)
Affected Versions	8.1.0 — 25.1.1
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Pega Platform
Public PoC	No

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

High

Admin privileges needed

User Interaction

Passive

Minimal interaction

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-r…

security@pega.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1564

Pega Platform

5.1

CVE-2025-62184

Pega

4.8

CVE-2025-62183

Pega Platform

4.8

Menu

CVE-2026-1711

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1564

CVE-2025-62184

CVE-2025-62183

CVE Details

Editor's Choice

Menu

CVE-2026-1711

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1564

CVE-2025-62184

CVE-2025-62183

CVE Details

Editor's Choice

Stay informed on cybersecurity