CVE-2026-1079
Received Received - Intake
Native Messaging Host Vulnerability in Pega Browser Extension Causes Unexpected Prompts

Publication date: 2026-04-07

Last updated on: 2026-04-07

Assigner: Pegasystems Inc.

Description
A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigates to this website. The malicious website could then present an unexpected message box.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1079
EUVD
EUVD-2026-19640
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
pega pga_browser_extension *
pega robotic_automation *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Pega Browser Extension (PBE), which is used by Pega Robotic Automation users. A malicious actor can create a website containing harmful code that targets the PBE. If a user visits this malicious website, it could trigger an unexpected message box to appear, exploiting the native messaging host functionality of the extension.

Impact Analysis

The impact of this vulnerability is that a user who visits a malicious website could be presented with an unexpected message box via the Pega Browser Extension. This could potentially be used to trick the user or disrupt normal operations, leading to possible security or usability issues.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1079. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart