MCP Salesforce Connector Arbitrary Attribute Access Vulnerability Leading to OAuth Token Disclosure

Vulnerability

A vulnerability in MCP Salesforce Connector versions prior to 0.1.10 allows arbitrary attribute access, which can lead to the unauthorized disclosure of Salesforce authentication tokens. This issue has been addressed in version 0.1.10.

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of Salesforce OAuth bearer tokens, which are used for authentication in the MCP Salesforce integration.

Remediation

Users should update to MCP Salesforce Connector version 0.1.10 or later. Additionally, it is recommended to rotate any Salesforce tokens or credentials that were used with the affected version of the connector.

Added: Feb 6, 2026, 7:34 PM
Updated: Feb 6, 2026, 10:36 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 2.6
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.