CVE-2026-25650 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the smn2gnt MCP-Salesforce Connector, a Model Context Protocol server implementation designed for Salesforce integration. Versions prior to 0.1.10 improperly handle attribute access, allowing attackers to retrieve arbitrary attributes without authentication. This flaw specifically exposes the Salesforce authentication token, a critical credential that grants access to Salesforce resources. The vulnerability can be exploited remotely over the network without any privileges or user interaction, making it highly accessible to attackers. The exposure of the auth token compromises confidentiality, enabling unauthorized access to Salesforce accounts and potentially sensitive business data. The vulnerability was publicly disclosed and assigned a CVSS 4.0 score of 6.6, indicating a medium severity level. The vendor addressed the issue in version 0.1.10 by restricting arbitrary attribute access and securing token handling. No public exploit code or active exploitation has been reported to date. Organizations using affected versions should upgrade promptly to prevent unauthorized data disclosure and potential downstream impacts on Salesforce-integrated workflows.

For European organizations, the exposure of Salesforce authentication tokens can lead to unauthorized access to critical business data, customer information, and internal workflows managed via Salesforce. This can result in data breaches, regulatory non-compliance (e.g., GDPR violations), reputational damage, and operational disruptions. Since Salesforce is widely used across various sectors including finance, healthcare, retail, and public services in Europe, the impact can be significant. Attackers gaining access to Salesforce environments could manipulate sales data, extract sensitive customer records, or disrupt business processes. The vulnerability’s ease of exploitation and lack of required authentication increase the risk profile, especially for organizations that have not updated the MCP-Salesforce Connector. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, emphasizing the need for proactive mitigation.

1. Immediately upgrade the smn2gnt MCP-Salesforce Connector to version 0.1.10 or later to apply the official fix that restricts arbitrary attribute access. 2. Conduct an audit of all Salesforce integrations using the MCP-Salesforce Connector to identify and remediate any instances running vulnerable versions. 3. Rotate Salesforce authentication tokens and credentials that may have been exposed prior to patching to invalidate any compromised tokens. 4. Implement strict access controls and monitoring on Salesforce API usage to detect anomalous access patterns indicative of token misuse. 5. Employ network segmentation and firewall rules to limit exposure of MCP servers to only trusted internal systems and IP ranges. 6. Enable detailed logging and alerting on Salesforce authentication events to quickly identify unauthorized access attempts. 7. Educate development and operations teams about secure handling of authentication tokens and the importance of timely patching of integration components. 8. Review and enhance incident response plans to address potential token compromise scenarios.