CVE-2026-8965
Infor · Multiple Products
A vulnerability in the DOM: Security component of Infor products may result in unauthorized information disclosure.
Executive summary
A critical information disclosure vulnerability within the Infor DOM: Security component presents a serious risk to the integrity and confidentiality of web-based application data.
Vulnerability
This vulnerability exists within the DOM: Security component, which is responsible for enforcing security policies within the application's document object model. The specific conditions required for an attacker to trigger this disclosure remain undisclosed.
Business impact
Exploitation of a security component vulnerability can effectively neutralize application-level defenses, leading to unauthorized data access or session compromise. With a CVSS score of 7.5, this issue is deemed high risk, as it could permit attackers to bypass security boundaries and access sensitive user or system information.
Remediation
Immediate Action: Locate all affected Infor software deployments and apply the latest security updates immediately upon release.
Proactive Monitoring: Monitor application traffic for suspicious DOM-related activity or unusual security policy exceptions within system logs.
Compensating Controls: Ensure that modern browser security policies (such as Content Security Policy) are strictly enforced, and use WAF rules to inspect incoming traffic for malicious payloads.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the central role of security components in protecting application integrity, this vulnerability should be addressed with urgency. IT teams must stay vigilant for updates from Infor and perform thorough testing before and after applying patches to ensure business continuity while closing this security gap.