Skip to main content

Salesforce Suite CVE-2026-13243

| EUVDEUVD-2026-43067 MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-07-10 drupal GHSA-585m-5jj4-5474
4.8
CVSS 3.1 · Vendor: drupal
Share

Severity by source

Vendor (drupal) PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
7.1 HIGH

CSRF requires victim interaction (UI:R) so PR:N applies to the attacker but a logged-in victim is needed; impact is primarily unauthorized state change (I:H), with limited confidentiality and no direct availability effect.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (drupal).

CVSS VectorVendor: drupal

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

7
Severity Changed
Jul 13, 2026 - 19:22 NVD
CRITICAL MEDIUM
CVSS changed
Jul 13, 2026 - 19:22 NVD
9.8 (CRITICAL) 4.8 (MEDIUM)
Analysis Generated
Jul 13, 2026 - 19:08 vuln.today
CVSS changed
Jul 13, 2026 - 19:07 NVD
9.8 (CRITICAL)
Patch available
Jul 10, 2026 - 23:02 EUVD
CVE Published
Jul 10, 2026 - 21:44 cve.org
CRITICAL 9.8
CVE Published
Jul 10, 2026 - 21:44 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3.

AnalysisAI

Cross-Site Request Forgery in the Drupal Salesforce Suite contrib module (all versions from 0.0.0 up to and including 5.1.3) lets an attacker forge state-changing requests that are executed with the privileges of an authenticated Drupal user who is tricked into loading attacker-controlled content. The Drupal security team (SA-CONTRIB-2026-063) rates it critical, and a fixed release is available; no public exploit code has been identified and EPSS is very low (0.10%, 1st percentile), indicating no observed exploitation activity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Host malicious page with forged request
Delivery
Lure authenticated Drupal user to visit
Exploit
Browser auto-submits request with session cookie
Execution
Module executes action without CSRF token check
Impact
Unauthorized state change as victim

Vulnerability AssessmentAI

Exploitation Exploitation requires a Drupal site running the Salesforce Suite module (version ≤5.1.3) and a victim who is currently authenticated to that site with the privileges needed for the targeted action; the attacker must induce that victim to load attacker-controlled content (malicious link, page, or embedded request) while their Drupal session is active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict and should be weighed carefully rather than taken at the 9.8 face value. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious web page or email containing an auto-submitting form or embedded request targeting a state-changing endpoint of the Salesforce Suite module. When an authenticated Drupal user with the relevant permissions visits the page while logged in, their browser silently sends the forged request, causing the module to perform an unwanted action (e.g., altering Salesforce integration configuration or mappings) under the victim's identity. …
Remediation Patch available per vendor advisory: upgrade the Salesforce Suite module to the fixed release referenced in Drupal SA-CONTRIB-2026-063 (https://www.drupal.org/sa-contrib-2026-063) - the exact patched version is not stated in the provided data, so confirm it from the advisory rather than assuming (the fix is expected in the first release above 5.1.3). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Drupal instances running Salesforce Suite module (versions ≤5.1.3) and identify those handling sensitive Salesforce data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13243 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy