cbcvebase.
CVE-2026-2298
published 2026-03-23

CVE-2026-2298: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services…

PriorityP260critical9.4CVSS 3.1
AVNACLPRNUINSUCHIHAL
EPSS
0.41%
33.0th percentile
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026.

Affected

1 ranges
VendorProductVersion rangeFixed in
salesforcemarketing_cloud_engagement< January 30th, 2026January 30th, 2026
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.