Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection - The Hacker News

Salesforce Agentforce was susceptible to a critical indirect prompt injection vulnerability, codenamed ForcedLeak (CVSS 9.4). This flaw allowed attackers to exf...