CSRF Vulnerability in Backdrop CMS Salesforce Module
CVE-2026-45430

7.1HIGH

Key Information:

Vendor: Backdrop Cms Contributed Projects
Status: Backdrop-contrib/salesforce
Vendor: CVE Published:; 12 May 2026

🔔 Create Backdrop Cms Contributed Projects Vulnerability Alert

What is CVE-2026-45430?

The Salesforce module for Backdrop CMS, prior to version 1.x-1.0.1, contains a vulnerability that inadequately implements a random state parameter. This flaw fails to secure the authorization flow against Cross-Site Request Forgery (CSRF) attacks, potentially allowing attackers to manipulate user actions without consent. Users of this module are urged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

backdrop-contrib/salesforce 0 < 1.x-1.0.1

References

https://backdropcms.org/security/backdrop-sa-contrib-2026...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45430 Data

JSON