Cyber Posture

CVE-2026-22584

CriticalRCE

Published: 09 January 2026

Published
09 January 2026
Modified
22 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 22.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22584 is a critical-severity Code Injection (CWE-94) vulnerability in Salesforce Uni2Ts. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through patching Salesforce Uni2TS beyond version 1.2.0 to eliminate the specific code injection vulnerability.

SI-10 Information Input Validation good match
prevent

Enforces validation of information inputs to prevent improper code generation and injection in Uni2TS.

SI-16 Memory Protection good match
prevent

Implements memory protection safeguards like DEP to block execution of injected code from non-executable files leveraged by the Uni2TS vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Code injection (CWE-94) vulnerability with network vector, no auth/UI required, directly enables remote arbitrary code execution via exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

Deeper analysisAI

CVE-2026-22584 is an Improper Control of Generation of Code ('Code Injection') vulnerability, classified as CWE-94, affecting Salesforce Uni2TS on MacOS, Windows, and Linux. The issue, published on 2026-01-09T22:16:01.160, enables attackers to leverage executable code in non-executable files and impacts Uni2TS versions through 1.2.0. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical severity.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction and without changing scope. Successful exploitation results in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution and full system compromise.

Salesforce provides mitigation guidance in their security advisory at https://help.salesforce.com/s/articleView?id=005239354&type=1.

Details

CWE(s)
CWE-94

Affected Products

salesforce
uni2ts
≤ 2.0.0

CVEs Like This One

CVE-2026-22586Same vendor: Salesforce
CVE-2026-22582Same vendor: Salesforce
CVE-2026-22585Same vendor: Salesforce
CVE-2025-23209Shared CWE-94
CVE-2026-39440Shared CWE-94
CVE-2026-3300Shared CWE-94
CVE-2025-6389Shared CWE-94
CVE-2025-8723Shared CWE-94
CVE-2025-34277Shared CWE-94
CVE-2025-57141Shared CWE-94

References