Pega continually works to implement security controls that are designed to protect client environments. With this focus, the Pega Robotics team has identified a security vulnerability, affecting the Pega Browser Extension (PBE).

Severity Update (Important)

This advisory was originally issued on December 30, 2025, with the vulnerability rated High (CVSS 7.7). Following a detailed review, the CVSS score was updated on January 15, 2026, and the vulnerability is now rated Critical (CVSS 9.0).

Clients are strongly encouraged to apply the remediation as soon as possible to mitigate risk.

This vulnerability affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. 

Impact

A bad actor could create a website that includes malicious code. The vulnerability could occur if you navigate to this website during interrogation mode in Robot Studio. 

Remediation

To ensure that you remain unaffected, please install PBE 3.1.43 or later. We recommend that you also update Robot Studio to 25.1.12. Pega Browser Extension 3.1.43 or later can, however, be used with any version of Robot Studio R25 or 22.1. 

To download the latest build of Pega Browser Extension (PBE), go to My Software and download 25.1.12. If you are using version 22.1, you only need to update PBE from the R25 download. You do not have to upgrade to R25 to implement this fix. For more information, see Downloading Pega Robotic Automation software.  

If you need help migrating to version 22.1 or version R25, please contact Pega Support.  

Robotic Automation 25.1.12

Robotic Automation 25.1.12 also includes several new features, including Robotics Autopilot. For more information, see New and updated features. 

If you have questions or concerns, please raise a Support Ticket in My Support Portal.