CNNVD-202602-967 Information

CNNVD ID

CNNVD-202602-967

Related CVE

CVE-2026-25650

• CNNVD Published: 2026-02-06

Description (Chinese)

MCP Salesforce Connector是Suman个人开发者的一个上下文协议服务器。 MCP Salesforce Connector 0.1.10之前版本存在信息泄露漏洞，该漏洞源于任意属性访问可能导致Salesforce身份验证令牌泄露。

Description (English)

MCP Salesforce Contractor is a context protocol server for Suman personal developers. MCP Salesforce Contractor 0.1.10 had an information leakage loophole, which stemmed from arbitrary attribute access that could lead to the disclosure of the Salesforce identification badge.

Hazard Level

High

Vulnerability Type

信息泄露

Affected Vendor

个人开发者

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/smn2gnt/MCP-Salesforce/commit/a1e3a5a786f48508d066b6d40b58201ebf9b7fd6 https://github.com/smn2gnt/MCP-Salesforce/releases/tag/v0.1.10 https://github.com/smn2gnt/MCP-Salesforce/security/advisories/GHSA-vf6j-c56p-cq58

Patch

https://github.com/smn2gnt/MCP-Salesforce/releases