HIGHCVE-2026-45430Published 2026-05-12Modified 2026-05-12CNA mitre

CVE-2026-45430: The Salesforce module before 1

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.

CVSS v3.1: 7.1
Severity: HIGH
Fixed in: 1.x-1.0.1
Affected Products: 1

Fix available

1.x-1.0.1

Affected packages

Backdrop CMS contributed projects / backdrop-contrib/salesforce
< 1.x-1.0.1 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

References

backdropcms.org

Metrics

Fix available