Description
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
Remediation
References
Related Vulnerabilities
Joomla Improper Access Control Vulnerability (CVE-2026-23899)
CKEditor Other Vulnerability (CVE-2022-24729)
WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)
WordPress Plugin WP Frontend Profile Multiple Vulnerabilities (0.2.1)
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)