cbcvebase.
CVE-2026-22585
published 2026-01-24

CVE-2026-22585: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center…

PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.38%
30.1th percentile
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Affected

2 ranges
VendorProductVersion rangeFixed in
salesforcemarketing_cloud_engagement< January 21, 2026January 21, 2026
salesforcemarketing_cloud_engagement< 2026-01-212026-01-21
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.