Platform: chrome
Component: pega-browser-extension
Fixed in: 22.1.1, 25.0.1
CVE-2026-1078 represents an arbitrary file-write vulnerability identified in the Pega Browser Extension (PBE). This flaw affects users of Pega Robotic Automation version 22.1 or R25 who are running automations within Google Chrome or Microsoft Edge. An attacker could potentially exploit this vulnerability by crafting a malicious website that triggers the file-write operation.
An attacker could leverage CVE-2026-1078 to write arbitrary files to the user's system through the Pega Browser Extension. This could lead to system compromise, data exfiltration, or the execution of malicious code. The vulnerability is triggered when a Robot Runtime user navigates to a malicious website. The potential impact is significant, as it could allow an attacker to gain control over the user's machine and access sensitive data.
CVE-2026-1078 was published on 2026-04-07. The CVSS score is pending evaluation. Public proof-of-concept exploits are not currently known. The vulnerability requires a user to navigate to a malicious website, which lowers the immediate exploitation probability. No information is available regarding active campaigns targeting this vulnerability.
Organizations utilizing Pega Robotic Automation version 22.1–R25, particularly those with Robot Runtime users who frequently interact with external websites or untrusted sources, are at risk. Shared hosting environments where multiple users share the same browser instance could also amplify the potential impact.
• chrome: Inspect browser extensions installed and enabled. Check for unexpected file write operations within the Pega Browser Extension's context. Use Chrome DevTools to monitor network requests and identify suspicious URLs.
• generic web: Monitor web traffic for requests to unusual file paths or with unexpected parameters. Examine browser history for visits to suspicious websites.
• generic web: Review Pega Robotic Automation workflow configurations for any instances where the browser extension is interacting with external websites or resources.
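One way to carry out the "inspect installed extensions" check above, as an added example that is not Pega's or this page's own code: it walks a Chrome or Edge profile's Extensions directory and compares each matching extension's manifest version with the fixed versions listed on this page. It assumes the manifest "name" contains "pega" and that the manifest version uses the same numbering as the 22.1.1 and 25.0.1 fix versions; confirm both in your environment.

```python
import json
import sys
from pathlib import Path

# Fixed version per release line, from the "fixed in" values on this page.
FIXED = {22: (22, 1, 1), 25: (25, 0, 1)}
# Assumption: the extension's manifest "name" contains this text.
NAME_HINT = "pega"


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for a manifest version."""
    try:
        v = tuple(int(part) for part in version_text.split("."))
    except ValueError:
        return "unknown"
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "unknown"  # release line not covered by this page
    # Pad so that "22.1" compares as (22, 1, 0).
    width = max(len(v), len(fixed))
    v += (0,) * (width - len(v))
    fixed += (0,) * (width - len(fixed))
    return "fixed" if v >= fixed else "vulnerable"


def scan_extensions(extensions_dir):
    """Check <profile>/Extensions/<id>/<version dir>/manifest.json files."""
    findings = []
    for manifest in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(data, dict):
            continue
        name = str(data.get("name", ""))
        if NAME_HINT in name.lower():
            version = str(data.get("version", ""))
            ext_id = manifest.parent.parent.name
            findings.append((ext_id, name, version, classify(version)))
    return sorted(findings)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_pbe.py "<browser profile>/Extensions"
    for finding in scan_extensions(sys.argv[1]):
        print(*finding, sep="\t")
```

A manifest whose name is a localization placeholder (`__MSG_...__`) will not match the name hint; in that case match on the extension ID used in your deployment instead.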
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2026-1078 is to upgrade the Pega Browser Extension to a version that addresses this vulnerability. Until a fixed version is available, restrict access to potentially malicious websites. Implement strict content security policies (CSP) within the Pega Robotic Automation environment to limit the ability of the browser extension to access and write files. Educate users about the risks of visiting untrusted websites. Monitor system logs for any unusual file activity.
Upgrade the Pega Browser Extension (PBE) to a fixed version. See the Pegasystems security remediation note (https://support.pega.com/support-doc/pega-security-advisory-a26-vulnerability-remediation-note) for detailed instructions on mitigating this vulnerability.
CVE-2026-1078 is a vulnerability in Pega Browser Extension allowing attackers to write arbitrary files via malicious websites, affecting versions 22.1–R25.
You are affected if you use Pega Robotic Automation version 22.1–R25 with the Pega Browser Extension and your Robot Runtime users navigate to untrusted websites.
Upgrade to a patched version of the Pega Browser Extension as soon as it becomes available. Monitor Pega's security advisories for updates.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the official Pega security advisories on the Pega website for the latest information and updates regarding CVE-2026-1078.