Pega Customer Service Framework Unrestricted File Upload Vulnerability

Vulnerability

A file upload vulnerability has been identified in Pega Customer Service Framework versions from 8.7.0 up to, but not including, 25.1.0. This vulnerability allows privileged users to upload malicious files, potentially bypassing application-layer defenses.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, allowing for the introduction of malicious files that could be used to compromise the application or its users.

Remediation

Users can upgrade to Pega Customer Service versions 24.2.3 or 25.1.1. For version 26.1, the patch is targeted for Q2 2026.

Added: Jan 13, 2026, 5:29 PM
Updated: Jan 13, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.