Pega Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Pega products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Pega Platform versions 7.1.0 through Infinity 24.2.2 contain a stored cross-site scripting (XSS) vulnerability in a user interface component. This all...
Sep 10, 2025

Pega Platform versions 8.4.3 through Infinity 24.2.1 contain a cross-site scripting (XSS) vulnerability in the Mashup component. This allows attackers...
Apr 14, 2025

Pega Platform versions 8.1 through Infinity 24.2.0 contain a stored cross-site scripting (XSS) vulnerability in profile functionality. This allows att...
Jan 13, 2025

This Cross-Site Scripting (XSS) vulnerability in Pega Platform's search functionality allows attackers to inject malicious scripts into web pages view...
Dec 5, 2024

CVE-2024-10094 is a code injection vulnerability in Pega Platform that allows attackers to execute arbitrary code on affected systems. This affects al...
Nov 20, 2024

Pega Platform versions 8.1 through Infinity 24.1.2 contain an HTML injection vulnerability in the Stage component that allows attackers to inject mali...
Sep 12, 2024

Pega Platform versions 8.1 through Infinity 24.1.2 contain a cross-site scripting (XSS) vulnerability in the application name field. This allows attac...
Sep 12, 2024

Pega Platform versions 6.x through 8.8.4 contain an XML External Entity (XXE) vulnerability in PDF generation functionality. This allows attackers to ...
Mar 14, 2024

Pega Platform versions 8.2.1 through 23.1.0 contain a server-side request forgery (SSRF) vulnerability in the PDF generation functionality. This allow...
Jan 31, 2024

Pega Platform versions 6.1 through 7.3.1 contain default operator credentials that could allow attackers to gain unauthorized access. This affects all...
Aug 7, 2023

This vulnerability allows non-admin users to modify client configuration files to change the server URL, potentially redirecting communications to mal...
Apr 10, 2023

CVE-2022-24083 is a critical authentication bypass vulnerability in Pega Platform that allows attackers to circumvent local password checks, potential...
Jul 25, 2022

CVE-2022-24082 allows remote code execution on Pega Platform installations by exploiting insecure JMX interface exposure. Attackers can upload seriali...
Jul 19, 2022

This vulnerability allows attackers to bypass local authentication by exploiting forgotten password reset functionality for local accounts. It affects...
Jan 28, 2022

CVE-2021-27651 is an authentication bypass vulnerability in Pega Infinity that allows attackers to reset passwords for local accounts without proper a...
Apr 29, 2021

CVE-2020-15390 is an improper access control vulnerability in Pega Platform's pyActivity component that allows unauthenticated attackers to access sen...
Apr 12, 2021

Why Monitor Pega Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Pega products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Pega packages in under 60 seconds. No agents required - completely agentless scanning that works across Pega deployments.
Free vulnerability database: Access detailed information about every Pega CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Pega CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions