CVE-2026-9051
published 2026-05-29CVE-2026-9051: There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to…
PriorityP268critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.62%
45.4th percentile
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send a specially crafted HTTP request. This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ni | systemlink_enterprise | <= 2026-04 | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
NI SystemLink Enterprise up to 2026-04 Dashboard missing authentication
vuldb·2026-05-29·CVSS 9.3
CVE-2026-9051 [CRITICAL] NI SystemLink Enterprise up to 2026-04 Dashboard missing authentication
A vulnerability classified as critical has been found in NI SystemLink Enterprise up to 2026-04. Impacted is an unknown function of the component Dashboard. Performing a manipulation results in missing authentication.
This vulnerability is reported as CVE-2026-9051. The attack is possible to be carried out remotely. No exploit exists.
GHSA
GHSA-f5mf-h7w7-c35x: There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacke
ghsa_unreviewed·2026-05-29
CVE-2026-9051 [CRITICAL] CWE-306 GHSA-f5mf-h7w7-c35x: There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacke
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send a specially crafted HTTP request. This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-29
Published