CVE-2026-2298

Published: Mar 23, 2026

Modified: Apr 29, 2026

PUBLISHED

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026.

Vendor	Product	Versions
Salesforce	Marketing Cloud Engagement	affected `0 - < January 30th, 2026`

Weaknesses (CWE)

CWE-88

References

https://help.salesforce.com/s/articleView?id=005299346&type=1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-2298

Description

Affected Products

Weaknesses (CWE)

References