CVE-2026-0898

216.73.217.22

· Published 23/03/2026 19:16 · Modified 24/03/2026 15:54

Labels: CVE-2026-0898 2026-03-23 CVE-2026-0898 CWE-284 [email protected]

Essential information

Published: 23/03/2026 19:16
Modified: 24/03/2026 15:54
Author: —
Creator: —
CVSS: 9.0 CRITICAL (v3) 9.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes malicious code. The vulnerability may be exploited if a Pega Robot Studio developer is deceived into visiting this website during interrogation mode in Robot Studio.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
pega / browser extension	`cpe:2.3:a:pega:browser_extension:22.1:::::::*`
pega / browser extension	`cpe:2.3:a:pega:browser_extension:R25:::::::*`
pega / robot studio	`cpe:2.3:a:pega:robot_studio::::::::`