CVE-2026-1079
Native Messaging Host Vulnerability in Pega Browser Extension Causes Unexpected Prompts
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: Pegasystems Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pega | pga_browser_extension | * |
| pega | robotic_automation | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Pega Browser Extension (PBE), which is used by Pega Robotic Automation users. A malicious actor can create a website containing harmful code that targets the PBE. If a user visits this malicious website, it could trigger an unexpected message box to appear, exploiting the native messaging host functionality of the extension.
How can this vulnerability impact me? :
The impact of this vulnerability is that a user who visits a malicious website could be presented with an unexpected message box via the Pega Browser Extension. This could potentially be used to trick the user or disrupt normal operations, leading to possible security or usability issues.