Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

A critical vulnerability, ForcedLeak (CVSS score: 9.4), was discovered in Salesforce Agentforce, potentially allowing attackers to exfiltrate sensitive CRM data through AI prompt injection. The vulnerability, impacting organizations using Web-to-Lead functionality, exploits weaknesses in context validation and overly permissive AI model behavior. Salesforce has patched the vulnerability by enforcing a URL allowlist mechanism and recommends users audit lead data and implement strict input validation.