CVE-2026-35178 — CRITICAL (9.8)

Q: How severe is CVE-2026-35178?

CVE-2026-35178 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-35178?

Check the references section above for vendor advisories and patch information. Affected products include: Forceworkbench Forceworkbench.

Vulnerability Description

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an unsafe manner. This vulnerability is fixed in 65.0.0.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Forceworkbench	Forceworkbench	< 65.0.0

Related Weaknesses (CWE)

CWE-94

References

https://github.com/forceworkbench/forceworkbench/pull/869Issue TrackingVendor Advisory
https://github.com/forceworkbench/forceworkbench/security/advisories/GHSA-jw63-mVendor Advisory

FAQ

What is CVE-2026-35178?

CVE-2026-35178 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerab...

How severe is CVE-2026-35178?

CVE-2026-35178 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-35178?

Check the references section above for vendor advisories and patch information. Affected products include: Forceworkbench Forceworkbench.