Native Messaging Host Vulnerability in Pega Browser Extension
CVE-2026-1079

6MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Browser Extension (pbe)
Vendor: CVE Published:; 7 April 2026

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2026-1079?

A vulnerability exists in the Pega Browser Extension that affects all versions of Pega Robotic Automation. This flaw enables a malicious actor to craft a website containing harmful code aimed at the Pega Browser Extension. If users inadvertently navigate to such a malicious site, they could encounter an unexpected message box, potentially compromising their security and privacy. It is essential for users to remain vigilant and to apply any recommended security patches or updates provided by Pega to mitigate the risk associated with this vulnerability.

Affected Version(s)

Pega Browser Extension (PBE) 0 < 3.1.45

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Jan 16, 2026

Credit

Ramon Dunker from Achmea, Security Assessment Team

CVE-2026-1079 Data

JSON