Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CSRF requires victim interaction (UI:R) so PR:N applies to the attacker but a logged-in victim is needed; impact is primarily unauthorized state change (I:H), with limited confidentiality and no direct availability effect.
Primary rating from Vendor (drupal).
CVSS VectorVendor: drupal
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
7DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3.
AnalysisAI
Cross-Site Request Forgery in the Drupal Salesforce Suite contrib module (all versions from 0.0.0 up to and including 5.1.3) lets an attacker forge state-changing requests that are executed with the privileges of an authenticated Drupal user who is tricked into loading attacker-controlled content. The Drupal security team (SA-CONTRIB-2026-063) rates it critical, and a fixed release is available; no public exploit code has been identified and EPSS is very low (0.10%, 1st percentile), indicating no observed exploitation activity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a Drupal site running the Salesforce Suite module (version ≤5.1.3) and a victim who is currently authenticated to that site with the privileges needed for the targeted action; the attacker must induce that victim to load attacker-controlled content (malicious link, page, or embedded request) while their Drupal session is active. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict and should be weighed carefully rather than taken at the 9.8 face value. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious web page or email containing an auto-submitting form or embedded request targeting a state-changing endpoint of the Salesforce Suite module. When an authenticated Drupal user with the relevant permissions visits the page while logged in, their browser silently sends the forged request, causing the module to perform an unwanted action (e.g., altering Salesforce integration configuration or mappings) under the victim's identity. … |
| Remediation | Patch available per vendor advisory: upgrade the Salesforce Suite module to the fixed release referenced in Drupal SA-CONTRIB-2026-063 (https://www.drupal.org/sa-contrib-2026-063) - the exact patched version is not stated in the provided data, so confirm it from the advisory rather than assuming (the fix is expected in the first release above 5.1.3). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Drupal instances running Salesforce Suite module (versions ≤5.1.3) and identify those handling sensitive Salesforce data. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43067
GHSA-585m-5jj4-5474