CVE-2026-22586
CriticalSummary
A hard-coded cryptographic key vulnerability in Salesforce Marketing Cloud Engagement allows for web services protocol manipulation. This issue affects modules such as CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View As Webpage.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to data and manipulation of information within the system, posing a significant security threat to the organization.
Recommendation
It is recommended to update the system to the latest version and review and secure cryptographic keys to minimize risk.
Original NVD description (English source)
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

