Skip to main content

Salesforce Suite

1 CVEs product

Monthly

CVE-2026-13243 PHP MEDIUM PATCH This Month

Cross-Site Request Forgery in the Drupal Salesforce Suite contrib module (all versions from 0.0.0 up to and including 5.1.3) lets an attacker forge state-changing requests that are executed with the privileges of an authenticated Drupal user who is tricked into loading attacker-controlled content. The Drupal security team (SA-CONTRIB-2026-063) rates it critical, and a fixed release is available; no public exploit code has been identified and EPSS is very low (0.10%, 1st percentile), indicating no observed exploitation activity. Note that the published CVSS vector (UI:N) is atypical for CSRF, which normally depends on victim interaction, so the real-world impact profile should be verified against the vendor advisory.

CSRF Salesforce Suite
NVD
CVSS 3.1
4.8
EPSS
0.1%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Cross-Site Request Forgery in the Drupal Salesforce Suite contrib module (all versions from 0.0.0 up to and including 5.1.3) lets an attacker forge state-changing requests that are executed with the privileges of an authenticated Drupal user who is tricked into loading attacker-controlled content. The Drupal security team (SA-CONTRIB-2026-063) rates it critical, and a fixed release is available; no public exploit code has been identified and EPSS is very low (0.10%, 1st percentile), indicating no observed exploitation activity. Note that the published CVSS vector (UI:N) is atypical for CSRF, which normally depends on victim interaction, so the real-world impact profile should be verified against the vendor advisory.

CSRF Salesforce Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy