CVE-2026-26029
HIGHSeverity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
AnalysisAI
Unsafe command construction in sf-mcp-server's Salesforce CLI integration allows remote code execution when processing user-supplied input through child_process.exec. An attacker can inject arbitrary shell commands that execute with the privileges of the MCP server process, potentially compromising systems running Claude for Desktop with this extension. No patch is currently available.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
Affected ProductsAI
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today