PT-2026-59279 · Pypi · Mcp-Salesforce-Connector

Published

2026-07-13

·

Updated

2026-07-13

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

Disclosure of Salesforce OAuth bearer tokens used by the MCP.

Patches

fix applied in 0.1.10

Workarounds

Rotate any Salesforce tokens/credentials used by MCP-Salesforce.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-2629

Affected Products

Mcp-Salesforce-Connector