CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.

Published Feb 7, 2026

https://github.com/advisories/GHSA-vf6j-c56p-cq58

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.

Published Feb 7, 2026

https://github.com/advisories/GHSA-vf6j-c56p-cq58

CVSS ScoreHigh

7.5


pypi	mcp-salesforce-connector	0.1.0
pypi	mcp-salesforce-connector	0.1.1
pypi	mcp-salesforce-connector	0.1.2
pypi	mcp-salesforce-connector	0.1.3
pypi	mcp-salesforce-connector	0.1.4
pypi	mcp-salesforce-connector	0.1.6
pypi	mcp-salesforce-connector	0.1.8
pypi	mcp-salesforce-connector	0.1.9

Ecosystem	Package	Version


pypi	mcp-salesforce-connector	0.1.0
pypi	mcp-salesforce-connector	0.1.1
pypi	mcp-salesforce-connector	0.1.2
pypi	mcp-salesforce-connector	0.1.3
pypi	mcp-salesforce-connector	0.1.4
pypi	mcp-salesforce-connector	0.1.6
pypi	mcp-salesforce-connector	0.1.8
pypi	mcp-salesforce-connector	0.1.9

Find vulnerabilities. Fix fast with AI.

CVE-2026-25650

CVE-2026-25650