{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22583", "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "state": "PUBLISHED", "assignerShortName": "Salesforce", "dateReserved": "2026-01-07T19:03:25.720Z", "datePublished": "2026-01-24T00:20:54.718Z", "dateUpdated": "2026-04-29T19:25:53.535Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce", "dateUpdated": "2026-04-29T19:25:53.535Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-278", "descriptions": [{"lang": "en", "value": "CAPEC-278 Web Services Protocol Manipulation"}]}], "affected": [{"vendor": "Salesforce", "product": "Marketing Cloud Engagement", "modules": ["CloudPagesUrl"], "versions": [{"status": "affected", "version": "0", "lessThan": "January 21, 2026", "versionType": "date"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.<p></p>"}]}], "references": [{"url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"}], "credits": [{"lang": "en", "value": "s.shah@slcyber.io", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T04:55:33.618713Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:52.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T04:55:33.618713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T16:23:53.144Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "s.shah@slcyber.io"}], "impacts": [{"capecId": "CAPEC-278", "descriptions": [{"lang": "en", "value": "CAPEC-278 Web Services Protocol Manipulation"}]}], "affected": [{"vendor": "Salesforce", "modules": ["CloudPagesUrl"], "product": "Marketing Cloud Engagement", "versions": [{"status": "affected", "version": "0", "lessThan": "January 21, 2026", "versionType": "date"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce", "dateUpdated": "2026-04-29T19:25:53.535Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22583", "state": "PUBLISHED", "dateUpdated": "2026-04-29T19:25:53.535Z", "dateReserved": "2026-01-07T19:03:25.720Z", "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "datePublished": "2026-01-24T00:20:54.718Z", "assignerShortName": "Salesforce"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A41CCDE-A5EA-45D6-A009-A6908459C453", "versionEndExcluding": "2026-01-21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026."}], "id": "CVE-2026-22583", "lastModified": "2026-02-12T16:12:21.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-24T01:15:50.060", "references": [{"source": "security@salesforce.com", "tags": ["Vendor Advisory"], "url": "https://help.salesforce.com/s/articleView?id=005299346&type=1"}], "sourceIdentifier": "security@salesforce.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "security@salesforce.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T03:00:49.497663+00:00", "value": {"mitigation_remediation": ["Apply the Salesforce patch or upgrade to a version released after January\u00a021,\u00a02026, which resolves the argument injection in CloudPagesUrl.", "If an immediate patch is unavailable, disable or restrict external access to the CloudPagesUrl endpoints to prevent unauthorized input.", "Review all input handling for CloudPagesUrl and implement strict input validation and sanitization to prevent future injection attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via argument injection"}, "threat_synthesis": {"affected_systems": "Salesforce Marketing Cloud Engagement is impacted, specifically any installation using the CloudPagesUrl module prior to January\u00a021,\u00a02026. No narrower version information is disclosed.", "description_and_impact": "The vulnerability is an Argument Injection flaw in the CloudPagesUrl module of Salesforce Marketing Cloud Engagement. It permits an attacker to inject malicious command\u2011line arguments into the web service protocol, potentially leading to arbitrary command execution and compromise of data confidentiality, integrity, or availability. The flaw stems from improper neutralization of argument delimiters, a classic injection weakness.", "risk_and_exploitability": "This flaw carries a CVSS\u00a0v3.1 score of\u00a09.8, indicating critical severity. The EPSS score is below\u00a01%, suggesting that, in practice, exploitation is unlikely to be widespread at this time, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Attackers would need remote access to the service endpoints and the ability to submit crafted requests; the likely vector is a remote HTTP(S) request to the affected web service."}}}}, "created": "2026-01-26T11:48:51.479719+00:00", "title": "Argument Injection in Salesforce Marketing Cloud Engagement CloudPagesUrl Module", "updated": "2026-04-18T03:15:35.423050+00:00", "vendors": ["salesforce", "salesforce$PRODUCT$marketing_cloud_engagement"]}