CVE-2026-2298 Salesforce — Exploit & Vulnerability Details CRITICAL

CVE-2026-2298

CRITICAL CVSS 3.1: 9.4 EPSS 0.07%

Parameter	Value
CVSS	9.4 (CRITICAL)
Type	CWE-88
Vendor	Salesforce
Public PoC	No

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-88

References 1

https://help.salesforce.com/s/articleView?id=005299346&type=1

security@salesforce.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35178

Salesforce

9.3

CVE-2026-34951

Salesforce

5.1

CVE-2026-26029

Salesforce

7.5

CVE-2026-25650

Salesforce

6.6

CVE-2026-22586

Salesforce

None

Menu

CVE-2026-2298

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-35178

CVE-2026-34951

CVE-2026-26029

CVE-2026-25650

CVE-2026-22586

CVE Details

Editor's Choice

Menu

CVE-2026-2298

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-35178

CVE-2026-34951

CVE-2026-26029

CVE-2026-25650

CVE-2026-22586

CVE Details

Editor's Choice

Stay informed on cybersecurity