The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.Referenceshttps://backdropcms.org/security/backdrop-sa-contrib-2026-001
