PT-2026-27201 · Salesforce · Salesforce Marketing Cloud Engagement

S.Shah@Slcyber.Io

Published

2026-03-23

Updated

2026-05-05

CVE-2026-2298

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Salesforce Marketing Cloud Engagement versions prior to January 30, 2026

Description Improper neutralization of argument delimiters in a command, known as argument injection, allows for Web Services Protocol Manipulation.

Recommendations Update to the version released on or after January 30, 2026.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2026-2298

Affected Products

Salesforce Marketing Cloud Engagement

PT-2026-27201 · Salesforce · Salesforce Marketing Cloud Engagement

CVE-2026-2298

Weakness Enumeration

Related Identifiers

Affected Products

References · 3