CVE-2026-22586
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-24
Last updated on: 2026-02-12
Assigner: Salesforce, Inc.
Description
Description
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| salesforce | marketing_cloud_engagement | to 2026-01-21 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Hard-coded Cryptographic Key issue in Salesforce Marketing Cloud Engagement, affecting modules such as CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage. It allows Web Services Protocol Manipulation.
How can this vulnerability impact me? :
The vulnerability could allow attackers to manipulate web services protocols due to the hard-coded cryptographic key, potentially compromising the security of affected Salesforce Marketing Cloud Engagement modules.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70