What is the CVSS score of CVE-2026-2103?

CVE-2026-2103 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Syteline Erp are affected by CVE-2026-2103?

Syteline ERP systems running version 10.0.8803.16889 or earlier contain a hard-coded cryptographic key vulnerability that could allow unauthorized access to sensitive financial and operational data.

Is there a public PoC exploit available for CVE-2026-2103?

Yes, a public proof-of-concept exploit is available for CVE-2026-2103. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-2103?

Within 24 hours: Identify all systems running Syteline ERP versions up to 10.0.8803.16889 and isolate them from untrusted networks. Within 7 days: Implement network segmentation to restrict access to Syteline instances to authorized personnel only, deploy WAF rules to monitor for exploitation attempts, and contact Syteline for patch availability and timeline. Within 30 days: Rotate all cryptographic keys and credentials associated with Syteline, conduct forensic analysis for unauthorized access attempts, and plan migration to patched version upon availability.

Syteline Erp CVE-2026-2103

HIGH

Use of Hard-coded Cryptographic Key (CWE-321)

2026-02-06 cves@blacklanternsecurity.com

Information Disclosure Syteline Erp

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 17, 2026 - 15:46 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 17:16 nvd

HIGH 7.1

DescriptionCVE.org

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

AnalysisAI

Syteline Erp versions up to 10.0.8803.16889 is affected by use of hard-coded cryptographic key (CVSS 7.1).

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain SyteLine application binary

Delivery

Extract hard-coded encryption keys

Exploit

Access SyteLine database

Execution

Decrypt stored credentials

Impact

Retrieve user passwords and API keys