Stored Cross-Site Scripting Vulnerability in Pega Platform by Pegasystems
CVE-2026-1562

4.6MEDIUM

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-1562?

The Pega Platform is susceptible to a stored cross-site scripting (XSS) vulnerability that arises within a user interface component. This security flaw necessitates the involvement of a high privileged user, particularly someone with a developer role, to exploit the issue effectively. When successfully exploited, an attacker could inject malicious scripts, leading to potential data leakage or further compromise of the application. It is crucial for organizations using affected versions of Pega Platform to take immediate action to remediate this vulnerability.

Affected Version(s)

Pega Infinity 8.1.0

References

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michal Skowron from ING Hubs Poland
.