ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Researchers discovered a critical vulnerability, ForcedLeak (CVSS 9.4), in Salesforce Agentforce that enables indirect prompt injection, risking CRM data exposure. The vulnerability, impacting organizations using Salesforce Agentforce with Web-to-Lead functionality enabled, allows attackers to exfiltrate sensitive data through malicious Web-to-Lead submissions. Salesforce has since patched the issue and enforced allowlist controls.