CVE-2026-22583

{"id": "CVE-2026-22583", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-24T01:15:50.060", "references": [{"url": "https://help.salesforce.com/s/articleView?id=005299346&type=1", "tags": ["Vendor Advisory"], "source": "security@salesforce.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@salesforce.com", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026."}, {"lang": "es", "value": "Vulnerabilidad de Neutralizaci\u00f3n Inadecuada de Delimitadores de Argumentos en un Comando ('Inyecci\u00f3n de Argumentos') en Salesforce Marketing Cloud Engagement (m\u00f3dulo CloudPagesUrl) permite la Manipulaci\u00f3n del Protocolo de Servicios Web. Este problema afecta a Marketing Cloud Engagement: antes del 21 de enero de 2026."}], "lastModified": "2026-02-12T16:12:21.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A41CCDE-A5EA-45D6-A009-A6908459C453", "versionEndExcluding": "2026-01-21"}], "operator": "OR"}]}], "sourceIdentifier": "security@salesforce.com"}