CVE-2026-22584 - Vulnerability Details - OpenCVE

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Salesforce	Uni2ts

No data.

No data.

No data.

References

Link	Providers
https://help.salesforce.com/s/articleView?id=005239354&type=1

History

Fri, 09 Jan 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
First Time appeared		Salesforce Salesforce uni2ts
Weaknesses		CWE-94
CPEs		cpe:2.3:a:salesforce:uni2ts:::linux:::::* cpe:2.3:a:salesforce:uni2ts:::macos:::::* cpe:2.3:a:salesforce:uni2ts:::windows:::::*
Vendors & Products		Salesforce Salesforce uni2ts
References		https://help.salesforce.com/s/articleView?id=005239354&type=1

MITRE

Status: PUBLISHED

Assigner: Salesforce

Published: 2026-01-09T22:10:02.933Z

Updated: 2026-01-09T22:10:02.933Z

Reserved: 2026-01-07T19:03:25.721Z

Link: CVE-2026-22584

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-09T22:16:01.160

Modified: 2026-01-09T22:16:01.160

Link: CVE-2026-22584

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22584", "assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "state": "PUBLISHED", "assignerShortName": "Salesforce", "dateReserved": "2026-01-07T19:03:25.721Z", "datePublished": "2026-01-09T22:10:02.933Z", "dateUpdated": "2026-01-09T22:10:02.933Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS", "Windows", "Linux"], "product": "Uni2TS", "repo": "https://github.com/SalesforceAIResearch/uni2ts", "vendor": "Salesforce", "versions": [{"lessThanOrEqual": "1.2.0", "status": "affected", "version": "0", "versionType": "git"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:macos:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:windows:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:salesforce:uni2ts:*:*:linux:*:*:*:*:*", "versionEndIncluding": "1.2.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.<p>This issue affects Uni2TS: through 1.2.0.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0."}], "impacts": [{"capecId": "CAPEC-35", "descriptions": [{"lang": "en", "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364", "shortName": "Salesforce", "dateUpdated": "2026-01-09T22:10:02.933Z"}, "references": [{"url": "https://help.salesforce.com/s/articleView?id=005239354&type=1"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_open-source"], "x_generator": {"engine": "Vulnogram 0.5.0"}}}}