CVE-2026-8966

Infor · Multiple Products

A vulnerability in the IP Protection component of Infor products may allow for unauthorized information disclosure.

Executive summary

A critical information disclosure vulnerability in the Infor IP Protection component could lead to the unauthorized exposure of sensitive intellectual property.

Vulnerability

This vulnerability affects the IP Protection component, potentially enabling an attacker to bypass security controls to access restricted information. The specific authentication requirements for this exploit are not currently defined.

Business impact

The compromise of an IP Protection component carries severe business consequences, including the potential theft of proprietary data, trade secrets, or sensitive corporate intellectual property. The CVSS score of 7.5 reinforces the high-risk nature of this vulnerability, necessitating prompt attention to prevent long-term reputational and financial damage.

Remediation

Immediate Action: Audit systems for the presence of the affected IP Protection component and apply all security patches issued by Infor.

Proactive Monitoring: Review audit logs for unauthorized access attempts to proprietary data repositories or unusual export activities.

Compensating Controls: Utilize Data Loss Prevention (DLP) solutions and enhanced access controls to restrict data egress while awaiting a formal vendor patch.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must treat this vulnerability as a high-priority item. Rapid identification of affected software is required, and administrators should apply vendor-supplied updates as soon as they become available to prevent potential exploitation.