CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Lifecycle Timeline
Description (NVD)
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
Analysis (AI)
CSRF vulnerability in Backdrop CMS Salesforce module versions prior to 1.x-1.0.1 allows network attackers to hijack OAuth authorization flows. By exploiting the missing random state parameter in the OAuth implementation, attackers can trick authenticated users into authorizing malicious Salesforce integrations, leading to high confidentiality and integrity impact on integrated Salesforce data. …
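As an added illustration (not code from the Backdrop Salesforce module or from this page), the control the description refers to: an OAuth client that mints a random state value, binds it to the user's session, and rejects any callback whose state is missing, replayed or does not match. The function names, the session dict and the Salesforce authorize endpoint URL are assumptions.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed Salesforce authorization endpoint; only used to build the redirect URL.
AUTHORIZE_URL = "https://login.salesforce.com/services/oauth2/authorize"


def build_authorize_url(session: dict, client_id: str, redirect_uri: str) -> str:
    """Start the flow: mint a fresh, unpredictable state and bind it to this session."""
    state = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
    session["oauth_state"] = state          # server-side, per user, never sent to attackers
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(query)


def handle_callback(session: dict, callback_url: str) -> Optional[str]:
    """Finish the flow: return the authorization code only if the callback's state
    matches the one bound to this session; otherwise return None (reject).

    The stored state is consumed on first use, so a replayed callback is rejected too.
    """
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)
    received = params.get("state", [None])[0]
    if expected is None or received is None:
        return None  # no flow in progress for this user, or state stripped from the URL
    if not hmac.compare_digest(expected, received):
        return None  # state mismatch: this callback was not started by this user
    return params.get("code", [None])[0]
```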
Remediation (AI)
Within 24 hours: Identify all Backdrop CMS instances using the Salesforce module and document current versions in use. Within 7 days: Contact Backdrop CMS vendor for patch availability timeline and interim security guidance; implement network-level controls restricting OAuth redirect URIs to known, whitelisted Salesforce domains. …
External POC / Exploit Code
EUVD-2026-29373
GHSA-v6gq-gxgm-g38r