PT-2026-4543 · Salesforce · Salesforce Marketing Cloud Engagement
Hackerone: H_A_0_K_E_R
·
Published
2026-01-24
·
Updated
2026-05-05
·
CVE-2026-22586
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026
Description
A hard-coded cryptographic key in the CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage modules allows for Web Services Protocol Manipulation.
Recommendations
Update to the version released on or after January 21st, 2026.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Salesforce Marketing Cloud Engagement