CVE-2026-2103

HIGH

Infor SyteLine ERP - Info Disclosure

Title source: llm

Description

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

References (1)

[Exploit, Third Party Advisory] https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-798 CWE-321

Status published

Affected Products (1)

infor/syteline_erp

Timeline

Published Feb 06, 2026

Tracked Since Feb 18, 2026