HTML Injection Vulnerability in Pega Platform by Pegasystems
CVE-2026-1564

5.1 MEDIUM

Key Information:

Vendor
CVE Published: 15 April 2026

What is CVE-2026-1564?

An HTML Injection vulnerability exists within the Pega Platform that affects versions 8.1.0 through 25.1.1. This vulnerability can be exploited by users with a developer role, allowing unauthorized injection of HTML code into the application’s user interface. Proper remediation measures should be implemented to prevent potential exploitation and ensure the integrity of the application.

Affected Version(s)

Pega Infinity 8.1.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michal Skowron from ING Hubs Poland.