CVE-2026-2103

Use of Hard-Coded Cryptographic Key for Password Storage

CVSS 7.1 HIGHEPSS 0.1%CWE-321

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Infor · SyteLine ERP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syteline-erp