{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26029", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T21:36:29.555Z", "datePublished": "2026-02-11T21:25:57.164Z", "dateUpdated": "2026-02-12T15:41:13.182Z"}, "containers": {"cna": {"title": "sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq"}, {"name": "https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d", "tags": ["x_refsource_MISC"], "url": "https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d"}], "affected": [{"vendor": "akutishevsky", "product": "sf-mcp-server", "versions": [{"version": "< 1.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-11T21:25:57.164Z"}, "descriptions": [{"lang": "en", "value": "sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process."}], "source": {"advisory": "GHSA-h4w9-g9c5-vfwq", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T15:41:09.185239Z", "id": "CVE-2026-26029", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T15:41:13.182Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec", "source": {"advisory": "GHSA-h4w9-g9c5-vfwq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "akutishevsky", "product": "sf-mcp-server", "versions": [{"status": "affected", "version": "< 1.0.3"}]}], "references": [{"url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq", "name": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d", "name": "https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-11T21:25:57.164Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26029", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-12T15:41:09.185239Z"}}}], "references": [{"url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-02-12T15:41:01.785Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-26029", "state": "PUBLISHED", "dateUpdated": "2026-02-11T21:25:57.164Z", "dateReserved": "2026-02-09T21:36:29.555Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-11T21:25:57.164Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process."}, {"lang": "es", "value": "sf-mcp-server es una implementaci\u00f3n del servidor Salesforce MCP para Claude para Escritorio. Una vulnerabilidad de inyecci\u00f3n de comandos existe en sf-mcp-server debido al uso inseguro de child_process.exec al construir comandos de Salesforce CLI con entrada controlada por el usuario. La explotaci\u00f3n exitosa permite a los atacantes ejecutar comandos de shell arbitrarios con los privilegios del proceso del servidor MCP."}], "id": "CVE-2026-26029", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-11T22:15:52.373", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d"}, {"source": "security-advisories@github.com", "url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.3)"}}], "product": "sf-mcp-server", "vendor": "akutishevsky"}], "analysis": {"en": {"generated_at": "2026-04-17T20:09:27.251835+00:00", "value": {"mitigation_remediation": ["Apply the most recent patch or update to sf-mcp-server that fixes the command injection, as referenced in the GitHub advisory.", "If the patch cannot be applied immediately, modify the code that constructs the Salesforce CLI command to perform strict input validation or use a safe API that does not invoke child_process.exec with raw user input.", "Limit the permissions of the MCP server process to the minimal set required for normal operation, reducing the impact of any potential code execution."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the sf-mcp-server product from akutishevsky. No specific version information was provided, so all releases may be impacted until a patch is applied.", "description_and_impact": "sf-mcp-server contains a command injection flaw caused by unsafe use of child_process.exec when building Salesforce CLI commands with user supplied data. An attacker who can influence the input to the query_records tool can cause the server to execute arbitrary shell commands with whatever privileges the MCP server process holds, allowing complete compromise of confidentiality, integrity, and availability. The weakness is identified as CWE-78.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. The EPSS score of less than 1% suggests a low likelihood of exploitation at present, and the issue is not listed in the CISA KEV catalog. Based on the description, it is inferred that the vulnerability could be exploited by anyone able to supply input to the query_records tool\u2014likely through local or component\u2011level access if the tool is exposed via API. Successful exploitation would grant an adversary the same privileges as the MCP server process."}}}}, "created": "2026-02-12T09:03:12.588246+00:00", "updated": "2026-04-17T20:15:27.001947+00:00", "vendors": ["akutishevsky", "akutishevsky$PRODUCT$sf-mcp-server"]}