CVE-2026-25650

Medium CVSS: 6.6

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.

Vendor

Smn2gnt

Product

Mcp Salesforce Connector

CWE

CWE-200

Yayın Tarihi

2026-02-06 19:16:09

Güncelleme

2026-02-24 20:59:52

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Mcp Salesforce Connector MEDIUM Smn2gnt 2026

Referanslar

https://github.com/smn2gnt/MCP-Salesforce/commit/a1e3a5a786f48508d066b6d40b58201ebf9b7fd6 https://github.com/smn2gnt/MCP-Salesforce/releases/tag/v0.1.10 https://github.com/smn2gnt/MCP-Salesforce/security/advisories/GHSA-vf6j-c56p-cq58