CVE-2026-45430

Summary

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.

Affected Software

VendorProductVersion RangeStatus
Backdrop CMS contributed projectsbackdrop-contrib/salesforce0 < 1.x-1.0.1affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References