Arbitrary File-Write Vulnerability in Pega Browser Extension for Pega Robotic Automation
CVE-2026-1078

7.2 HIGH

Key Information:

Vendor
CVE Published: 7 April 2026

What is CVE-2026-1078?

An arbitrary file-write vulnerability exists in the Pega Browser Extension, affecting users of Pega Robotic Automation versions 22.1 and R25. The issue arises when a user running automation workflows in Google Chrome or Microsoft Edge navigates to a malicious website specifically designed to exploit the vulnerability. If exploitation succeeds, an attacker can potentially write files to arbitrary locations on the affected system, leading to unauthorized access to and manipulation of files. Organizations using these versions must apply security patches and follow the recommended guidance to mitigate this risk. For more information, refer to the official security advisory.

Affected Version(s)

Pega Robot Studio 22.1

Pega Robot Studio R25

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ramon Dunker from Achmea, Security Assessment Team.