Cryptographic Key Vulnerability in Salesforce Marketing Cloud Engagement
CVE-2026-22586

9.8CRITICAL

Key Information:

Vendor: Salesforce
Status: Marketing Cloud Engagement
Vendor: CVE Published:; 24 January 2026

What is CVE-2026-22586?

A hard-coded cryptographic key vulnerability in Salesforce Marketing Cloud Engagement affects several modules, including CloudPages and Profile Center. This flaw enables manipulation of web services protocols, potentially exposing sensitive data and impacting user privacy. Organizations using these affected modules prior to January 21, 2026, should be aware of this vulnerability and take the necessary precautions to secure their systems.

Affected Version(s)

Marketing Cloud Engagement 0

References

https://help.salesforce.com/s/articleView?id=005299346&ty...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22586 Data

JSON