Salesforce · Salesforce Marketing Cloud Engagement · CVE-2026-22586
**Name of the Vulnerable Software and Affected Versions**
Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026
**Description**
A hard-coded cryptographic key in the CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage modules allows for Web Services Protocol Manipulation.
**Recommendations**
Update to the version released on or after January 21st, 2026.