CVE-2026-9051
Authentication Bypass in NI SystemLink Enterprise Dashboard
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | systemlink_enterprise | to 2026-04 (exc) |
| ni | systemlink_enterprise | to 2026-05 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow an unauthenticated remote attacker to bypass authentication controls in the NI SystemLink Enterprise Dashboard.
As a result, the attacker may gain unauthorized access leading to privilege escalation within the Dashboard resources or disclosure of sensitive information.
Such unauthorized access can compromise the confidentiality and integrity of the affected system's data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the authentication bypass vulnerability in NI SystemLink Enterprise Dashboard, NI recommends upgrading to SystemLink Enterprise version 2026-05.
Note that the vulnerability affects only the Dashboard application in versions 2026-04 and earlier, and other NI SystemLink components are not affected.
Can you explain this vulnerability to me?
CVE-2026-9051 is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application.
This flaw allows unauthenticated remote attackers to bypass authentication controls by sending a specially crafted HTTP request.
Successful exploitation can lead to privilege escalation or information disclosure, but privilege escalation is limited to Dashboard resources only.
The vulnerability affects NI SystemLink Enterprise versions 2026-04 and earlier.