Critical severity9.8NVD Advisory· Published Jan 24, 2026· Updated May 15, 2026
CVE-2026-22586
CVE-2026-22586
Description
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.
Affected products
3cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*range: <2026-01-21
- (no CPE)range: <2026-01-21
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- help.salesforce.com/s/articleViewnvdVendor Advisory
News mentions
1- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026