CVE-2026-1711
Stored XSS in Pega Platform UI Requires High-Privilege Developer
Publication date: 2026-04-15
Last updated on: 2026-04-23
Assigner: Pegasystems Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pega | pega_platform | From 8.1 (inc) to 25.1.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue found in Pega Platform versions 8.1.0 through 25.1.1. It occurs in a user interface component and requires a user with high privileges, specifically a developer role, to exploit it.
How can this vulnerability impact me? :
An attacker with high privileged developer access could exploit this Stored Cross-Site Scripting vulnerability to inject malicious scripts into the user interface. This could lead to unauthorized actions being performed in the context of the affected application, potentially compromising data integrity and user trust.