CVE-2026-22584: Salesforce Uni2TS has a Code Injection vulnerability
An Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on macOS, Windows, and Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS through 1.2.0.
References
- github.com/SalesforceAIResearch/uni2ts
- github.com/SalesforceAIResearch/uni2ts/commit/7f2d51dd729de018f0f22504f39a8475c6fed1c4
- github.com/SalesforceAIResearch/uni2ts/pull/218
- github.com/SalesforceAIResearch/uni2ts/releases/tag/2.0.0
- github.com/advisories/GHSA-7x99-8x99-xc54
- help.salesforce.com/s/articleView?id=005239354&type=1
- nvd.nist.gov/vuln/detail/CVE-2026-22584