CVE-2026-22586 – Salesforce Marketing Cloud Engagement
“When marketing platforms are exposed, customer data becomes the target.”
The latest Salesforce Marketing Cloud Engagement patch resolves multiple critical vulnerabilities that could allow unauthorized access, data exposure, or system manipulation within marketing automation workflows. These issues impact core services responsible for handling customer data, campaign execution, and integrations, creating significant risk for organizations relying on the platform for large-scale customer engagement.
CVE-2026-22585 has a CVSS score of 9.8, which is Critical severity.
CVE-2026-22586 has a CVSS score of 9.8, which is Critical severity.
CVE-2026-22582 has a CVSS score of 9.8, which is Critical severity.
CVE-2026-22583 has a CVSS score of 9.8, which is Critical severity.
CVE-2026-2298 has a CVSS score of 9.4, which is Critical severity.
The patch closes multiple high-impact attack paths that could expose sensitive customer data and disrupt marketing operations. There is no verified evidence of public exploitation or proof-of-concept code at this time, but the concentration of critical vulnerabilities significantly elevates the urgency to apply updates.
Key Details
- Affected Product
- Salesforce Marketing Cloud Engagement
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-321