PT-2026-4541 · Salesforce · Salesforce Marketing Cloud Engagement

S.Shah@Slcyber.Io · Published 2026-01-24 · Updated 2026-05-05 · CVE-2026-22583

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026

Description: Improper Neutralization of Argument Delimiters in a Command (Argument Injection) in the CloudPagesUrl module allows Web Services Protocol Manipulation. Argument Injection occurs when an application fails to properly sanitize user-supplied input used as a command-line argument, allowing an attacker to inject additional arguments to alter the command's behavior.

Recommendations: Update to the version released on or after January 21st, 2026. Restrict the use of the CloudPagesUrl module as a temporary mitigation measure.

Fix

Argument Injection

Weakness Enumeration

Related Identifiers: CVE-2026-22583

Affected Products: Salesforce Marketing Cloud Engagement