Vulnerability Details CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-25650
-
cpe:2.3:a:smn2gnt:mcp_salesforce_connector:*