Agentforce Marketing A.I CyberSecurity Scoring
Agentforce Marketing
Company Information
Website:http://www.salesforce.com/marketingcloud
Employees number:4
Number of followers:151,711
NAICS:5112
Industry Type:Software Development
Homepage:salesforce.com
Agentforce Marketing Risk Score (AI oriented)
Between 700 and 749
Agentforce MarketingSoftware Development
Updated:
06/05/2026
06/05/2026
748/1000
Moderate
Ba
Agentforce Marketing Global Score (TPRM)
xxxx
Agentforce MarketingSoftware Development
Score locked

Agentforce MarketingModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-3 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
748
MAY 2026
748
APRIL 2026
748
MARCH 2026
747
FEBRUARY 2026
747
JANUARY 2026
750
Vulnerability
16 Jan 2026 • Agentforce Marketing
Fortune 500 organizations and Salesforce: Salesforce Marketing Cloud Vulnerability Exposes Email Data Risk
Salesforce Marketing Cloud Patches Critical Vulnerabilities Exposing Subscriber Data
747
CRITICAL-3
SALFOR1778063116
Salesforce Marketing Cloud Patches Critical Vulnerabilities Exposing Subscriber Data
Salesforce recently addressed a series of high-severity vulnerabilities in its Marketing Cloud (SFMC) platform that could have allowed attackers to access and exfiltrate marketing emails, subscriber records, and engagement data across multiple tenants including Fortune 500 organizations.
The flaws stemmed from weaknesses in SFMC’s server-side templating and encryption mechanisms. AMPScript and SSJS, used for dynamic email personalization, included functions like TreatAsContent that enabled template injection. Attackers could exploit this by embedding malicious payloads in user-controlled fields (e.g., name fields), which would execute during template evaluation. Once injected, built-in functions like LookupRows allowed queries against internal data views, exposing subscriber lists, sent emails, and tracking data.
A more severe issue involved SFMC’s "view email in browser" and CloudPages features, which relied on encrypted query strings (qs parameters) to authenticate users. Researchers at Searchlight Cyber discovered that the older "classic" qs format used unauthenticated CBC encryption with a padding oracle vulnerability, enabling decryption and re-encryption of parameters. Additionally, a legacy XOR-based encryption scheme with a static key allowed rapid decryption of sensitive identifiers like JobID and ListSubscriber. Since SFMC reused a single static encryption key across tenants, attackers could forge qs tokens to access emails and subscriber data from other organizations.
The vulnerabilities, reported on 16 January 2026, were mitigated between 21–24 January 2026. Salesforce migrated to AES-GCM encryption, rotated keys, disabled double evaluation of email subject templates, and invalidated all legacy tracking and CloudPages links created before 21 January 2026 (23:00 UTC). No confirmed malicious exploitation was reported.
The incident underscores risks in shared SaaS infrastructure, where template engines and cryptographic flaws can expose high-value marketing data at scale. Salesforce assigned multiple CVEs to address broken encryption, hard-coded keys, and argument injection in MicrositeURL and CloudPages workflows.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
750
NOVEMBER 2025
750
OCTOBER 2025
750
SEPTEMBER 2025
750
AUGUST 2025
750
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Agentforce Marketing ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in June 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in May 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in April 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in March 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in February 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in January 2026 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in December 2025 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in November 2025 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in October 2025 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in September 2025 ??
What was Agentforce Marketing's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Agentforce Marketing's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Agentforce Marketing ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Agentforce Marketing's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?