CVE-2026-9051

CRITICAL

NI SystemLink Enterprise <= 2026-04 - Authentication Bypass

Title source: manual

Description

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send a specially crafted HTTP request. This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.

References (1)

Core 1

Core References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/authentication-bypass-vulnerability-in-ni-systemlink-enterprise.html

Scores

CVSS v3 9.1

EPSS 0.0059

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

NI/SystemLink Enterprise < 2026-04

Published May 29, 2026

Tracked Since May 30, 2026