CVE-2026-25650 in MCP-Salesforce

Summary

by MITRE • 02/06/2026

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.

Analysis

by VulDB Data Team • 02/26/2026

The MCP Salesforce Connector, which facilitates integration between Salesforce and various applications within the Model Context Protocol ecosystem, contains a critical security flaw. This vulnerability exists in versions prior to 0.1.10 and stems from improper access controls that allow unauthorized attribute access within the connector implementation. The flaw specifically affects the authentication token handling mechanism, creating a pathway for attackers to extract sensitive Salesforce authentication credentials. The vulnerability demonstrates a clear lack of proper input validation and access control enforcement within the connector's attribute resolution system, which operates under the Model Context Protocol framework that governs how applications interact with external services.

The technical implementation of this vulnerability involves a direct attribute access flaw that enables attackers to bypass normal authentication mechanisms and retrieve Salesforce authorization tokens. This represents a classic case of insecure direct object reference where the connector fails to properly validate access requests to sensitive authentication attributes. The flaw operates at the application level within the connector's server implementation, allowing malicious actors to exploit the attribute access pattern to extract session tokens that would normally be protected. This vulnerability directly maps to CWE-284 Access Control Issues and specifically manifests as improper access control within the authentication token handling subsystem. The attack vector exploits the connector's failure to implement proper authentication checks before allowing access to sensitive attributes, creating a path for privilege escalation and unauthorized access to Salesforce resources.

The operational impact of this vulnerability extends beyond simple credential theft, as the extracted Salesforce authentication tokens can be used to gain full access to connected Salesforce environments and their associated data. Attackers could leverage these tokens to perform unauthorized data access, modify records, execute administrative functions, and potentially escalate privileges within the Salesforce ecosystem. The vulnerability's persistence across multiple versions indicates a fundamental flaw in the connector's security architecture that required a dedicated patch to resolve. Organizations using affected versions face significant risk of data breaches, compliance violations, and potential regulatory penalties due to unauthorized access to sensitive Salesforce data. The impact is particularly severe given that Salesforce typically hosts highly sensitive business and customer data, making this vulnerability a prime target for malicious actors seeking to exploit enterprise security gaps.

Mitigation strategies for this vulnerability require immediate deployment of the patched version 0.1.10 and comprehensive security assessment of all affected systems. Organizations should implement additional monitoring for unauthorized access attempts and establish network-level controls to limit access to the connector service. Security teams must conduct thorough vulnerability assessments to identify any potential exploitation attempts and implement proper access controls for all attribute access points within the connector. The fix addresses the root cause by implementing proper access validation and authentication checks before allowing attribute resolution. Organizations should also consider implementing token rotation mechanisms and multi-factor authentication for Salesforce environments to reduce the impact of any potential token compromise. This vulnerability highlights the importance of proper access control implementation in protocol-based integrations and underscores the necessity of regular security updates and vulnerability assessments for integration components. The remediation process should include comprehensive testing to ensure that the patch does not introduce regressions in functionality while effectively closing the attribute access vulnerability that could lead to unauthorized Salesforce authentication token disclosure.

Responsible

GitHub M

Reservation

02/04/2026

Disclosure

02/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00016

KEV

no

Activities

very low

Sources
