Filtered by vendor Akutishevsky
Subscriptions
Filtered by product Sf-mcp-server
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26029 | 1 Akutishevsky | 1 Sf-mcp-server | 2026-02-12 | 7.5 High |
| sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. | ||||
Page 1 of 1.