PT-2026-52176 · Drupal+1 · Salesforce Suite+1
Aaron Bauman
+4
·
Published
2026-06-24
·
Updated
2026-07-10
·
CVE-2026-13243
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal Salesforce Suite versions 0.0.0 through 5.1.3
Description
A Cross-Site Request Forgery (CSRF) issue exists where the software fails to properly validate the OAuth handshake during interactive authentication. This allows an attacker to hijack the authorization token and bind the site to an attacker-controlled Salesforce account. This issue requires the
salesforce oauth submodule to be enabled and an active salesforce oauth authorization profile to be in use.Recommendations
Update Drupal Salesforce Suite to version 6.0.x or later.
As a temporary mitigation, disable the
salesforce oauth submodule or switch to the salesforce jwt authentication plugin.CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Salesforce Suite
Drupal/Salesforce