Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

https://www.drupal.org/sa-contrib-2026-063

The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerability is mitigated by the fact that the salesforce_oauth submodule must be enabled, and a

Drupal.org