Threat Advisories - NVD Disclosed January 24, 2026

CVE-2026-22586

Salesforce Marketing Cloud data exposed by weak encryption key

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Salesforce Marketing Cloud Engagement has a critical flaw in its public-facing marketing tools allowing unauthorized access and manipulation of sensitive customer data due to a hard-coded encryption key.

NVD published: January 24, 2026