CVE-2026-8958

Infor · Security: Process Sandboxing component

An information disclosure and sandbox escape vulnerability exists in the Infor Security: Process Sandboxing component.

Executive summary

A critical vulnerability in Infor's process sandboxing component allows for information disclosure and sandbox escape, threatening the isolation of secure processes.

Vulnerability

This vulnerability involves both information disclosure and a sandbox escape within the process sandboxing architecture. It indicates a failure to maintain process isolation, potentially allowing an attacker to gain access to system memory or restricted resources.

Business impact

A sandbox escape is a severe security failure that compromises the fundamental isolation of the application, potentially leading to full system compromise or unauthorized access to sensitive business data. With a CVSS score of 8.6, this vulnerability represents a high-priority risk requiring immediate mitigation.

Remediation

Immediate Action: Apply security updates provided by Infor immediately to restore the integrity of the process sandboxing mechanism.

Proactive Monitoring: Monitor system logs for signs of unauthorized process access or attempts to escape execution boundaries.

Compensating Controls: Ensure that the underlying operating system is hardened and that the application is running with the principle of least privilege to minimize the impact of a potential escape.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability carries a significant threat to system integrity. Administrators should prioritize the application of patches from Infor as soon as they become available to prevent potential sandbox breakouts and subsequent unauthorized access to the host environment.