VYPR
Critical severity9.8NVD Advisory· Published Jan 24, 2026· Updated May 15, 2026

CVE-2026-22586

CVE-2026-22586

Description

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Affected products

3
  • cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*range: <2026-01-21
    • (no CPE)range: <2026-01-21
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

1