PT-2026-30712 · Salesforce.Com · Workbench
Therealshakesbear
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-35178
CVSS v4.0
9.3
Critical
| AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
Name of the Vulnerable Software and Affected Versions
Workbench versions prior to 65.0.0
Description
Workbench, a suite of tools for interacting with Salesforce.com organizations via the Force.com APIs, contains a remote code execution issue in the timezone conversion flow. The issue arises from unsafe processing of attacker-controlled cookie values. This affects administrators and developers using Workbench.
Recommendations
Update Workbench to version 65.0.0 or later.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Workbench