Stored Cross-Site Scripting Vulnerability in Pega Platform by Pega
CVE-2026-1711

4.8MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Infinity
Vendor: CVE Published:; 15 April 2026

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2026-1711?

A Stored Cross-Site Scripting vulnerability exists in multiple versions of the Pega Platform. This flaw affects a user interface component and requires a user with high privileges, such as a developer, to exploit it. If successfully executed, an attacker could potentially inject malicious scripts into the application's UI, compromising sensitive data or affecting user interaction.

Affected Version(s)

Pega Infinity 8.1.0

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Jan 30, 2026

Credit

Amjad Nayef Qabaha from Integrated Telecom Solutions (INOVAR)

CVE-2026-1711 Data

JSON