CVE-2026-2103
Published: 06 February 2026
Summary
CVE-2026-2103 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Infor Syteline Erp. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Supplier evaluation and secure acquisition practices make it harder for hard-coded credentials to be introduced via procured products.
Requiring security functional requirements and acceptance criteria allows contracts to prohibit hard-coded credentials in delivered systems or components.
Supplier risk reviews identify and discourage hard-coded credentials in delivered products or services.
Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
Security training explicitly warns against hard-coded credentials, lowering their use in systems.
Policy and procedures prohibit hard-coded credentials in favor of managed authentication.
External identity providers eliminate the need for hard-coded credentials in applications.
Changing default authenticators prior to first use and protecting content prevents use of hard-coded credentials.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hard-coded static keys (CWE-321/798) directly enable decryption and recovery of stored credentials (passwords, DB strings, API keys) from the application binary + database.
NVD Description
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can…
more
decrypt all stored credentials.
Deeper analysisAI
CVE-2026-2103 is a vulnerability in Infor SyteLine ERP that involves the use of hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. These keys are identical across all installations, enabling decryption of sensitive data by anyone with access to the application binary and database. The issue is linked to CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials), with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts.
An attacker requires local access to the affected system with low privileges to exploit this vulnerability. By obtaining the application binary and database, they can decrypt all stored credentials, potentially leading to unauthorized access to user accounts, databases, and APIs protected by those credentials.
For details on mitigation, including any patches or workarounds, refer to the advisory at https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp.
Details
- CWE(s)