Pegasystems slides as new Pega Robotics and Browser Extension security flaws disclosed
Pegasystems shares fell after Pega disclosed new security vulnerabilities affecting its Robotic Automation products and the Pega Browser Extension, with fixes posted April 6, 2026. The advisory urged customers to update to PBE 3.1.45+ and Robot Studio/Runtime 25.1.13, pressuring near-term sentiment around remediation and customer disruption risk.
1) What’s moving the stock
Pegasystems (PEGA) is trading lower as investors digest a newly posted security advisory detailing two vulnerabilities tied to Pega Robotic Automation and the Pega Browser Extension. The disclosure introduces fresh risk perception around customer patching cycles, potential operational disruption, and incremental support workload, which can weigh on near-term sentiment in enterprise software names.
2) What Pega disclosed and who is affected
The April 6, 2026 advisory describes two issues: a High severity vulnerability (CVSS 7.2) affecting Pega Robotic Automation version 22.1 or R25 for users running automations in Google Chrome or Microsoft Edge, and a Medium severity vulnerability (CVSS 6.0) affecting all versions of the Pega Browser Extension. The risks described involve malicious websites targeting the browser extension, with the higher-severity case triggered if a Robot Runtime user navigates to a malicious site.
3) Fixes and near-term focus for investors
Pega recommended customers install Pega Browser Extension (PBE) version 3.1.45 or later and update Robot Studio and Robot Runtime to 25.1.13. With the remediation guidance now public, investors will watch for any signs of customer friction—especially in regulated industries where patch validation can be slow—and whether elevated security-related attention impacts sales cycles or renewals in the near term.