CVE-2026-8965

Infor · Multiple Products

A vulnerability in the DOM: Security component of Infor products may result in unauthorized information disclosure.

Executive summary

A high-severity (CVSS 7.5) information disclosure vulnerability in the Infor DOM: Security component presents a serious risk to the integrity and confidentiality of web-based application data.

Vulnerability

This vulnerability exists within the DOM: Security component, which is responsible for enforcing security policies within the application's document object model. The specific conditions required for an attacker to trigger this disclosure remain undisclosed.

Business impact

Exploitation of a security component vulnerability can effectively neutralize application-level defenses, leading to unauthorized data access or session compromise. With a CVSS score of 7.5, this issue is deemed high risk, as it could permit attackers to bypass security boundaries and access sensitive user or system information.

Remediation

Immediate Action: Locate all affected Infor software deployments and apply the latest security updates immediately upon release.

Proactive Monitoring: Monitor application traffic for suspicious DOM-related activity or unusual security policy exceptions within system logs.

Compensating Controls: Ensure that modern browser security policies (such as Content Security Policy) are strictly enforced, and use WAF rules to inspect incoming traffic for malicious payloads.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the central role of security components in protecting application integrity, this vulnerability should be addressed with urgency. IT teams must stay vigilant for updates from Infor and perform thorough testing before and after applying patches to ensure business continuity while closing this security gap.