XSS in Pegasystems Pega Infinity

CVE-2026-1564

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.

Affected products

Pegasystems Pega Infinity — versions 8.1.0

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-remediati…