PT-2026-52176 · Drupal+1 · Salesforce Suite+1

Aaron Bauman

+4

·

Published

2026-06-24

·

Updated

2026-07-10

·

CVE-2026-13243

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal Salesforce Suite versions 0.0.0 through 5.1.3
Description A Cross-Site Request Forgery (CSRF) issue exists where the software fails to properly validate the OAuth handshake during interactive authentication. This allows an attacker to hijack the authorization token and bind the site to an attacker-controlled Salesforce account. This issue requires the salesforce oauth submodule to be enabled and an active salesforce oauth authorization profile to be in use.
Recommendations Update Drupal Salesforce Suite to version 6.0.x or later. As a temporary mitigation, disable the salesforce oauth submodule or switch to the salesforce jwt authentication plugin.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13243
DRUPAL-CONTRIB-2026-063

Affected Products

Salesforce Suite
Drupal/Salesforce