Platform: javascript
Component: forceworkbench
Fixed in: 65.0.1
CVE-2026-35178 describes a Remote Code Execution (RCE) vulnerability discovered in Salesforce Workbench. This vulnerability arises from the insecure handling of attacker-controlled cookie values during timezone conversion, potentially allowing unauthorized code execution within the Workbench environment. The vulnerability affects versions prior to 65.0.0 and has been resolved in version 65.0.0.
Successful exploitation of CVE-2026-35178 could grant an attacker complete control over the system running Salesforce Workbench. This could involve data exfiltration, modification of Salesforce data, installation of malicious software, or even pivoting to other systems within the network. The blast radius extends to any sensitive data stored within the Salesforce organization managed by Workbench, and the attacker could potentially compromise the entire Salesforce instance. This vulnerability highlights the importance of secure cookie handling and input validation in web applications, particularly those interacting with sensitive data.
CVE-2026-35178 was publicly disclosed on 2026-04-06. There are currently no publicly available proof-of-concept exploits. The vulnerability's impact is significant due to the potential for remote code execution, but the lack of public exploits suggests a low to medium probability of exploitation at present. Monitor security advisories and threat intelligence feeds for any updates.
Exploit Status
EPSS: 0.67% (71% percentile)
CISA SSVC
The primary mitigation for CVE-2026-35178 is to immediately upgrade Salesforce Workbench to version 65.0.0 or later. If upgrading is not immediately feasible, consider implementing stricter cookie validation and sanitization measures within the Workbench environment. While a direct WAF rule is unlikely to be effective, reviewing and tightening access controls to Workbench, limiting its exposure, and regularly auditing its configuration can reduce the attack surface. After upgrading, confirm the fix by attempting a timezone conversion with a crafted cookie and verifying that the application does not execute arbitrary code.
Update Workbench to version 65.0.0 or later to mitigate the remote code execution (RCE) vulnerability. This update corrects the way attacker-controlled cookie values are handled during timezone conversion, preventing malicious code execution.
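The stricter cookie validation suggested above, as an added example that is not Workbench's code or the vendor's fix: a timezone cookie is accepted only when it exactly matches an identifier PHP itself knows, and anything else falls back to UTC. Workbench is a PHP application, hence PHP; the cookie name `user_timezone` and both function names are hypothetical.

```php
<?php
// Added example, not Workbench code. The cookie name "user_timezone" is hypothetical.

/**
 * Return a DateTimeZone for a client-supplied value, or the fallback zone
 * when the value is not an exact IANA identifier known to PHP.
 */
function safeTimezone($raw, string $fallback = 'UTC'): DateTimeZone
{
    // Cookies can be missing or arrive as arrays (name[]=...): accept bounded strings only.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 64) {
        return new DateTimeZone($fallback);
    }
    // Exact, case-sensitive match against PHP's own identifier list (built once).
    static $known = null;
    $known ??= array_flip(DateTimeZone::listIdentifiers());
    if (!isset($known[$raw])) {
        return new DateTimeZone($fallback);
    }
    return new DateTimeZone($raw);
}

/** Convert a UTC timestamp for display using only the validated zone object. */
function toLocalTime(string $utc, DateTimeZone $tz): string
{
    $dt = new DateTimeImmutable($utc, new DateTimeZone('UTC'));
    return $dt->setTimezone($tz)->format('Y-m-d H:i:s T');
}

// Constructed sample inputs: one valid identifier followed by values that are rejected.
$samples = ['Europe/Berlin', 'europe/berlin ', '', ['x'], str_repeat('A', 200), 'Not/AZone'];
foreach ($samples as $raw) {
    $tz = safeTimezone($raw);
    $label = is_string($raw) ? substr($raw, 0, 16) : gettype($raw);
    printf("%-20s -> %s\n", $label, toLocalTime('2026-04-06 12:00:00', $tz));
}

// In a request handler: $tz = safeTimezone($_COOKIE['user_timezone'] ?? null);
```

Only the returned `DateTimeZone` object is passed on to conversion code; the raw cookie string is never reused after the check.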
CVE-2026-35178 is a Remote Code Execution vulnerability in Salesforce Workbench versions before 65.0.0, allowing attackers to potentially execute code through insecure cookie processing.
If you are using Salesforce Workbench versions prior to 65.0.0, you are potentially affected by this vulnerability. Check your current version and upgrade immediately.
The recommended fix is to upgrade Salesforce Workbench to version 65.0.0 or later. If immediate upgrade is not possible, implement stricter cookie validation.
As of now, there are no publicly known active exploits for CVE-2026-35178, but the potential for exploitation remains due to the RCE nature of the vulnerability.
Refer to the official Salesforce security advisory for detailed information and updates regarding CVE-2026-35178.