CVE-2026-2103
Published: 06 February 2026
Summary
CVE-2026-2103 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Infor Syteline Erp. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-28 (Protection of Information at Rest).
Deeper analysis
CVE-2026-2103 is a vulnerability in Infor SyteLine ERP that involves the use of hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. These keys are identical across all installations, enabling decryption of sensitive data by anyone with access to the application binary and database. The issue is linked to CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials), with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts.
An attacker requires local access to the affected system with low privileges to exploit this vulnerability. By obtaining the application binary and database, they can decrypt all stored credentials, potentially leading to unauthorized access to user accounts, databases, and APIs protected by those credentials.
For details on mitigation, including any patches or workarounds, refer to the advisory at https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5665
Vulnerability details
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can…
more
decrypt all stored credentials.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hard-coded static keys (CWE-321/798) directly enable decryption and recovery of stored credentials (passwords, DB strings, API keys) from the application binary + database.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires proper cryptographic key establishment and management processes that directly prohibit the use of hard-coded, static, identical keys across installations for protecting credentials.
Mandates cryptographic protection of information at rest using mechanisms that cannot rely on embedded static keys extractable from binaries.
Requires secure authenticator management, including storage of passwords and credentials, precluding weak hard-coded encryption that exposes them to local attackers.