CVE Catalog

CVE-2026-22586

Critical
Published: Translated: NVD NIST

Summary

A hard-coded cryptographic key vulnerability in Salesforce Marketing Cloud Engagement allows for web services protocol manipulation. This issue affects modules such as CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized access to data and manipulation of information within the system, posing a significant security threat to the organization.

Recommendation

It is recommended to update the system to the latest version and review and secure cryptographic keys to minimize risk.

Original NVD description (English source)

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS