CVE-2026-2298 in Salesforce Marketing Cloud Engagementinfo

Summary

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026.

Responsible

Salesforce

Reservation

02/10/2026

Disclosure

03/23/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
352588	Salesforce Marketing Cloud Engagement Web Services Protocol argument injection	88	Not defined	Official fix	CVE-2026-2298

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!