EUVD-2026-19640

| CVE-2026-1079 MEDIUM
2026-04-07 Pega GHSA-5f74-cm8j-hpf8
6.0
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 07, 2026 - 15:30 vuln.today
EUVD ID Assigned
Apr 07, 2026 - 15:30 euvd
EUVD-2026-19640
CVE Published
Apr 07, 2026 - 15:17 nvd
MEDIUM 6.0

Tags

Authentication Bypass

Description

A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigates to this website. The malicious website could then present an unexpected message box.

Analysis

Remote code execution via malicious websites targeting Pega Browser Extension (PBE) allows unauthenticated attackers to trigger unexpected message boxes and cause availability impact on affected systems. All versions of Pega Browser Extension prior to 3.1.45 are vulnerable; the attack requires user interaction (navigation to a malicious website) but no special privileges. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

EUVD-2026-19640 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy