PT-2026-6868 · Pypi · Mcp-Salesforce-Connector

Published

2026-02-06

·

Updated

2026-02-06

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

Disclosure of Salesforce OAuth bearer tokens used by the MCP.

Patches

fix applied in 0.1.10

Workarounds

Rotate any Salesforce tokens/credentials used by MCP-Salesforce.

Fix

Information Disclosure

Weakness Enumeration

CWE-200

Related Identifiers

GHSA-VF6J-C56P-CQ58

Affected Products

Mcp-Salesforce-Connector