XSS in Pegasystems Pega Infinity

CVE-2026-1711

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.

Affected products

Pegasystems Pega Infinity — versions 8.1.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-remediati…