Critical severityNVD Advisory· Published Jan 9, 2026· Updated Jan 12, 2026
CVE-2026-22584
CVE-2026-22584
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
uni2tsPyPI | < 2.0.0 | 2.0.0 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-7x99-8x99-xc54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-22584ghsaADVISORY
- github.com/SalesforceAIResearch/uni2ts/commit/7f2d51dd729de018f0f22504f39a8475c6fed1c4ghsaWEB
- github.com/SalesforceAIResearch/uni2ts/pull/218ghsaWEB
- github.com/SalesforceAIResearch/uni2ts/releases/tag/2.0.0ghsaWEB
- help.salesforce.com/s/articleViewghsaWEB
News mentions
0No linked articles in our index yet.