Reflected Cross-Site Scripting Vulnerability in Salesforce Workbench
CVE-2026-34951

5.1MEDIUM

Key Information:

Vendor: Forceworkbench
Status: Forceworkbench
Vendor: CVE Published:; 6 April 2026

🔔 Create Forceworkbench Vulnerability Alert

What is CVE-2026-34951?

The Salesforce Workbench tool, utilized by administrators and developers for interaction with Salesforce.com organizations via Force.com APIs, is susceptible to a reflected cross-site scripting vulnerability. This issue arises from the improper sanitization of user-supplied input in the footerScripts parameter, which can lead to malicious scripts being rendered in the page response. This vulnerability can potentially allow attackers to exploit error pages through XSS attacks, posing risks to the integrity of user interactions with the platform. The problem has been addressed and resolved in version 65.0.0.

Affected Version(s)

forceworkbench < 65.0.0

References

https://github.com/forceworkbench/forceworkbench/security...

x_refsource_CONFIRM

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34951 Data

JSON