Cyber Resilience

CVE-2026-2103

HighPublic PoC

Published: 06 February 2026

Published
06 February 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0001 2.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2103 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Infor Syteline Erp. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2026-2103 is a vulnerability in Infor SyteLine ERP that involves the use of hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. These keys are identical across all installations, enabling decryption of sensitive data by anyone with access to the application binary and database. The issue is linked to CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials), with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts.

An attacker requires local access to the affected system with low privileges to exploit this vulnerability. By obtaining the application binary and database, they can decrypt all stored credentials, potentially leading to unauthorized access to user accounts, databases, and APIs protected by those credentials.

For details on mitigation, including any patches or workarounds, refer to the advisory at https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp.

EU & UK References

Vulnerability details

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can…

more

decrypt all stored credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Hard-coded static keys (CWE-321/798) directly enable decryption and recovery of stored credentials (passwords, DB strings, API keys) from the application binary + database.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31986Shared CWE-321
CVE-2026-33362Shared CWE-321
CVE-2025-15605Shared CWE-321, CWE-798
CVE-2025-1242Shared CWE-798
CVE-2025-14923Shared CWE-321, CWE-798
CVE-2024-54027Shared CWE-321
CVE-2026-5065Shared CWE-798
CVE-2024-52902Shared CWE-798
CVE-2024-13773Shared CWE-321, CWE-798
CVE-2026-40636Shared CWE-798

Affected Assets

infor
syteline erp
10.0.8803.16889

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires proper cryptographic key establishment and management processes that directly prohibit the use of hard-coded, static, identical keys across installations for protecting credentials.

prevent

Mandates cryptographic protection of information at rest using mechanisms that cannot rely on embedded static keys extractable from binaries.

prevent

Requires secure authenticator management, including storage of passwords and credentials, precluding weak hard-coded encryption that exposes them to local attackers.

References