Pega Platform CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-8681	2 Pega, Pegasystems	2 Pega Platform, Pega Infinity	2025-10-29	5.5 Medium
Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.
CVE-2024-12211	2 Pega, Pegasystems	2 Pega Platform, Pega Platform	2025-10-29	5.4 Medium
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.
CVE-2024-10716	1 Pegasystems	1 Pega Platform	2025-07-13	5.9 Medium
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
CVE-2023-32090	2 Pega, Pegasystems	2 Pega Platform, Pega Platform	2024-11-21	9.8 Critical
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials

Page 1 of 1.