RCE in Forceworkbench

CVE-2026-35178

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.

Affected products

Forceworkbench — versions < 65.0.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/forceworkbench/forceworkbench/security/advisories/GHSA-jw63-m86r-2jxc (x_refsource_CONFIRM)
https://github.com/forceworkbench/forceworkbench/pull/869 (x_refsource_MISC)