{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:58:03.363","vulnerabilities":[{"cve":{"id":"CVE-2026-22583","sourceIdentifier":"security@salesforce.com","published":"2026-01-24T01:15:50.060","lastModified":"2026-02-12T16:12:21.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026."},{"lang":"es","value":"Vulnerabilidad de Neutralización Inadecuada de Delimitadores de Argumentos en un Comando ('Inyección de Argumentos') en Salesforce Marketing Cloud Engagement (módulo CloudPagesUrl) permite la Manipulación del Protocolo de Servicios Web. Este problema afecta a Marketing Cloud Engagement: antes del 21 de enero de 2026."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@salesforce.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:salesforce:marketing_cloud_engagement:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-01-21","matchCriteriaId":"5A41CCDE-A5EA-45D6-A009-A6908459C453"}]}]}],"references":[{"url":"https://help.salesforce.com/s/articleView?id=005299346&type=1","source":"security@salesforce.com","tags":["Vendor Advisory"]}]}}]}