ByteOS Network

forceworkbench

Source -

CNANVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-35178

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-9.3||CRITICAL

EPSS-0.31% / 53.87%

7 Day CHG-0.20%

Published-06 Apr, 2026 | 19:01

Updated-16 Apr, 2026 | 04:10

Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an unsafe manner. This vulnerability is fixed in 65.0.0.

Vendor-forceworkbench forceworkbench

Product-forceworkbench forceworkbench

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2026-34951

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.1||MEDIUM

EPSS-0.03% / 9.32%

7 Day CHG~0.00%

Published-06 Apr, 2026 | 15:58

Updated-14 Apr, 2026 | 20:28

Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input before rendering it in the page response. Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Workbench allows XSS Targeting Error Pages. This vulnerability is fixed in 65.0.0.

Vendor-salesforce forceworkbench

Product-workbench forceworkbench

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')