CVE-2026-25650

7.5 HIGH

📋 TL;DR

The MCP Salesforce Connector prior to version 0.1.10 allows arbitrary attribute access that can lead to disclosure of Salesforce authentication tokens. This vulnerability affects any system running the vulnerable MCP Salesforce Connector software. Attackers could potentially access sensitive Salesforce credentials through this flaw.

💻 Affected Systems

Products:
  • MCP Salesforce Connector
Versions: All versions prior to 0.1.10
Operating Systems: Any OS running the MCP Salesforce Connector
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using vulnerable versions regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full compromise of the Salesforce account, with access to sensitive customer data, financial records, and business operations

🟠 Likely Case: Unauthorized access to Salesforce data and potential account takeover

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can directly exploit to steal credentials
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit to escalate privileges

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory indicates that arbitrary attribute access leads directly to token disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.10

Vendor Advisory: https://github.com/smn2gnt/MCP-Salesforce/security/advisories/GHSA-vf6j-c56p-cq58

Restart Required: Yes

Instructions:

1. Stop the MCP Salesforce Connector service.
2. Update to version 0.1.10 using the package manager or a manual installation.
3. Restart the service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Isolation (platforms: all)

Restrict network access to the MCP Salesforce Connector to only trusted systems.

Service Account Restriction (platforms: all)

Use a least-privilege Salesforce service account with minimal permissions.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the connector
  • Monitor for unusual access patterns to the MCP Salesforce Connector and review Salesforce audit logs

🔍 How to Verify

Check if Vulnerable:

Check the installed version of the MCP Salesforce Connector. If the version is below 0.1.10, the system is vulnerable.

Check Version:

Check the package manager, or run the MCP Salesforce Connector with the --version flag.

Verify Fix Applied:

Confirm the version is 0.1.10 or higher, and test that Salesforce authentication tokens are no longer accessible via arbitrary attribute requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual attribute access patterns in MCP logs
  • Multiple failed authentication attempts followed by successful token access

Network Indicators:

  • Unexpected requests to MCP Salesforce Connector endpoints from unauthorized sources

SIEM Query:

source="mcp-salesforce" AND (attribute_access="*" OR token_access="*")
