CVE-2026-35178 · CRITICAL 9.8 · EPSS p38.3%


Description

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an unsafe manner. This vulnerability is fixed in 65.0.0.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% probability of exploitation · percentile 38.3% · 2026-06-18T12:00:27Z
Published: 2026-04-06
Last modified: 2026-04-16

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/forceworkbench/forceworkbench/pull/869
  2. https://github.com/forceworkbench/forceworkbench/security/advisories/GHSA-jw63-m86r-2jxc


Type: Weakness
Target: Improper Control of Generation of Code ('Code Injection') (cwe-94)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-15560
  2. CVE-2026-22584
  3. CVE-2026-2418
  4. CVE-2026-2740
  5. CVE-2026-29102
  6. CVE-2026-22582

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.