{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22584", "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "state": "PUBLISHED", "assignerShortName": "Salesforce", "dateReserved": "2026-01-07T19:03:25.721Z", "datePublished": "2026-01-09T22:10:02.933Z", "dateUpdated": "2026-01-12T16:23:58.916Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS", "Windows", "Linux"], "product": "Uni2TS", "repo": "https://github.com/SalesforceAIResearch/uni2ts", "vendor": "Salesforce", "versions": [{"lessThanOrEqual": "1.2.0", "status": "affected", "version": "0", "versionType": "git"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:macos:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:windows:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:linux:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.<p>This issue affects Uni2TS: through 1.2.0.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0."}], "impacts": [{"capecId": "CAPEC-35", "descriptions": [{"lang": "en", "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce", "dateUpdated": "2026-01-09T22:10:02.933Z"}, "references": [{"url": "https://help.salesforce.com/s/articleView?id=005239354&type=1"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_open-source"], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T15:34:07.650894Z", "id": "CVE-2026-22584", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T16:23:58.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22584", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-12T15:34:07.650894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T15:34:11.877Z"}}], "cna": {"tags": ["x_open-source"], "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-35", "descriptions": [{"lang": "en", "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"}]}], "affected": [{"repo": "https://github.com/SalesforceAIResearch/uni2ts", "vendor": "Salesforce", "product": "Uni2TS", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "1.2.0"}], "platforms": ["MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.salesforce.com/s/articleView?id=005239354&type=1"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.<p>This issue affects Uni2TS: through 1.2.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.2.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.2.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.2.0", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce", "dateUpdated": "2026-01-09T22:10:02.933Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22584", "state": "PUBLISHED", "dateUpdated": "2026-01-12T16:23:58.916Z", "dateReserved": "2026-01-07T19:03:25.721Z", "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "datePublished": "2026-01-09T22:10:02.933Z", "assignerShortName": "Salesforce"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:*:*:*:*:*:*", "matchCriteriaId": "48458AB8-6EF1-4ADE-942E-EECA42E8FD65", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0."}], "id": "CVE-2026-22584", "lastModified": "2026-01-22T21:48:05.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-09T22:16:01.160", "references": [{"source": "security@salesforce.com", "tags": ["Vendor Advisory"], "url": "https://help.salesforce.com/s/articleView?id=005239354&type=1"}], "sourceIdentifier": "security@salesforce.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@salesforce.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:22:07.063140+00:00", "value": {"mitigation_remediation": ["Upgrade Salesforce Uni2TS to any version newer than 1.2.0", "Identify and restrict locations where untrusted input files may be written or executed, ensuring they are not treated as executable code", "Implement file integrity monitoring to detect unauthorized injection or modification of files in application directories"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Salesforce Uni2TS installations on macOS, Windows, and Linux distributions the vulnerability affects all versions up through 1.2.0. Any deployment using the Uni2TS application in the specified operating systems is susceptible unless patched beyond the vulnerable release.", "description_and_impact": "The vulnerability in Salesforce Uni2TS arises from improper control over the generation of code, a true code injection flaw. An attacker who can manipulate input data to the application can cause executables to be generated or executed from files that were not originally marked as executable. This flaw enables arbitrary code execution, which can lead to full compromise of the affected system, including data theft, destruction, or the use of the host as a pivot point for further attacks.", "risk_and_exploitability": "The flaw is assigned a high CVSS score of 9.8, indicating catastrophic potential. The EPSS score indicates a very low current exploitation probability (less than 1 percent), and at present the vulnerability is not listed in the CISA KEV catalog. When analyzed, it appears that the attack vector relies on the ability to introduce malicious code into files that the application processes and then cause those files to be executed as if they were binaries. Although exploitation would require the attacker to supply or gain control over sensitive files on the system, the high severity and proven code\u2011generation weakness make it a substantial threat if a local or managed code path is available."}}}}, "created": "2026-04-18T07:30:36.026571+00:00", "title": "Code Injection Allows Execution of Code from Non-Executable Files in Salesforce Uni2TS", "updated": "2026-04-18T07:30:36.026582+00:00", "vendors": []}