CVE-2026-25650

Publication date

2026-02-06 18:53:58

Family

GitHub_M

State

PUBLISHED

Description

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.