Unknown · Mcp-Salesforce-Connector · CVE-2026-25650
**Name of the Vulnerable Software and Affected Versions**
MCP Salesforce Connector versions prior to 0.1.10
**Description**
The software is a Model Context Protocol (MCP) server implementation for Salesforce integration. A flaw exists where arbitrary attribute access can lead to the disclosure of Salesforce authentication tokens. The issue affects the disclosure of Salesforce OAuth bearer tokens used by the MCP.
**Recommendations**
Update to version 0.1.10 or later.
Rotate any Salesforce tokens or credentials used by MCP-Salesforce.