ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Researchers disclosed a critical flaw, named ForcedLeak, in Salesforce Agentforce that enables indirect prompt injection, risking CRM data exposure. Noma Labs researchers discovered a critical vulnerability, named ForcedLeak (CVSS 9.4), in Salesforce Agentforce that could be exploited by attackers to exfiltrate sensitive CRM data through an indirect prompt injection attack. The vulnerability only impacts organizationsSecurity AffairsRead More