Technical description
Reco's security research team published on June 4, 2026 a demonstration of a fully autonomous LLM agent pipeline that, given a Salesforce Experience Cloud URL, performs unaided: (1) Aura framework enumeration of exposed Salesforce objects, Apex controller methods, and public routes; (2) data sensitivity classification and record extraction as a guest user; (3) detection of Apex fuzzing vectors and SOQL injection; (4) autonomous exploit code generation and execution; and (5) retrieval of external data to construct payloads. In real-world tests against major technology companies' production Salesforce sites, the agent discovered high-severity vulnerabilities, extracted live data, and generated working exploit scripts without human guidance after initial URL provision.
Attack vector
Agentic pipeline with tool-use capabilities: the LLM selects and executes Python skills for each phase (enumeration, analysis, fuzzing, exploitation). The attack surface is unauthenticated exposure of Salesforce Experience Cloud guest APIs — specifically Aura endpoints that expose Apex methods and ContentDocument objects without authentication. Dynamic SOQL built via string concatenation is exploitable once an exposed parameter is identified.
Affected systems
Salesforce Experience Cloud sites with unauthenticated guest-user access to Salesforce Aura endpoints, exposed Apex controller methods, or ContentDocument objects. Organisations using Salesforce Sites for partner portals, customer self-service, or external community access are most at risk.
Mitigation
Audit all Salesforce Experience Cloud guest-user permissions using Salesforce's Guest User Security Controls guide; eliminate unauthenticated access to sensitive Apex methods and ContentDocument objects; replace string-concatenation dynamic SOQL with bind variables; review and restrict the Aura endpoint exposure; implement monitoring for automated enumeration patterns (high-frequency Aura API calls from single IPs or unusual guest sessions).