Known Vulnerabilities for products from Pega
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Pega".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-1079 | | Not Provided | 2026-04-07 | 2026-04-07 |
| CVE-2026-1078 | | Not Provided | 2026-04-07 | 2026-04-07 |
| CVE-2025-62184 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface c... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2023-32090 | Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | 9.8 - CRITICAL | 2023-08-07 | 2023-08-10 |
| CVE-2023-32089 | Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | 6.1 - MEDIUM | 2023-10-18 | 2023-10-25 |
| CVE-2023-32088 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | 6.1 - MEDIUM | 2023-10-18 | 2023-10-25 |
| CVE-2023-32087 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | 6.1 - MEDIUM | 2023-10-18 | 2023-10-25 |
| CVE-2023-28094 | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing... | 9.8 - CRITICAL | 2023-06-22 | 2023-08-05 |
| CVE-2023-28093 | A user with a compromised configuration can start an unsigned binary as a service. | 6.5 - MEDIUM | 2023-04-10 | 2023-04-21 |
| CVE-2023-26467 | A man in the middle can redirect traffic to a malicious server in a compromised configuration. | 5.4 - MEDIUM | 2023-04-10 | 2023-04-21 |
| CVE-2023-26466 | A user with non-Admin access can change a configuration file on the client to modify the Server URL. | 7.8 - HIGH | 2023-04-10 | 2023-04-14 |
| CVE-2023-26465 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | 6.1 - MEDIUM | 2023-06-09 | 2023-06-16 |
| CVE-2023-4843 | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Dir... | 4.8 - MEDIUM | 2023-09-08 | 2023-09-12 |
| CVE-2022-35656 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly... | 4.5 - MEDIUM | 2022-08-22 | 2022-08-23 |
| CVE-2022-35655 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | 6.1 - MEDIUM | 2022-08-22 | 2022-08-23 |
| CVE-2022-35654 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | 6.1 - MEDIUM | 2022-08-22 | 2022-08-23 |
| CVE-2022-24083 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-07-25 | 2022-08-01 |
| CVE-2022-24082 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-07-19 | 2022-11-07 |
| CVE-2021-27654 | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | 7.8 - HIGH | 2022-01-28 | 2022-02-03 |
| CVE-2021-27653 | Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | 4.9 - MEDIUM | 2021-04-01 | 2022-04-25 |
Known software with vulnerabilities from Pega
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pega | Pega Platform | 5 |
| Application | Pega | Platform | 8.1.7 |