CVE-2026-1078
HIGHPega Robot Studio 22.1 and R25 - Arbitrary File Write
Title source: manualDescription
An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur if a Robot Runtime user navigates to the malicious website.
Scores
CVSS v4
7.2
EPSS
0.0005
EPSS Percentile
16.6%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (2)
Pegasystems/Pega Robot Studio
22.1
Pegasystems/Pega Robot Studio
R25
Published
Apr 07, 2026
Tracked Since
Apr 07, 2026