CVE-2026-22584

Name of the Vulnerable Software and Affected Versions Salesforce Uni2TS versions through 1.2.0

Description An improper control of generation of code issue, specifically a code injection, exists in Salesforce Uni2TS on MacOS, Windows, and Linux. This allows for the leveraging of executable code in non-executable files. The issue could lead to remote code execution by loading malicious model metadata, potentially resulting in a full system takeover.

Recommendations Versions through 1.2.0 should be updated to a newer version that contains a fix for this vulnerability.