Description
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires an attacker to send a specially crafted HTTP request.  This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
Published: 2026-05-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker to send a specially crafted HTTP request to the SystemLink Enterprise Dashboard application, bypassing authentication controls and potentially gaining elevated privileges or disclosing sensitive data. The weakness is classified as CWE‑306 (Missing Authentication for Critical Function).

Affected Systems

The affected vendor is NI and the affected product is SystemLink Enterprise. The vulnerability exists in version 2026‑04 and all earlier releases of the platform.

Risk and Exploitability

The CVSS score of 9.3 is rated Critical; the EPSS score is not available and the vulnerability is not listed in CISA KEV, so an exact exploitation probability is unknown. Based on the description, it is inferred that the attack vector is remote and requires only an HTTP request to a specific endpoint, making the flaw potentially exploitable over the network without credentials.

Generated by OpenCVE AI on May 29, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest NI SystemLink Enterprise patch that addresses the authentication bypass (refer to NI’s security update page).
  • Restrict network access to the SystemLink Enterprise Dashboard to trusted IP addresses or internal networks.
  • Review and update firewall and access‑control rules to block unauthenticated HTTP traffic targeting the dashboard endpoints.

Advisories

No advisories yet.

History

Fri, 29 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 29 May 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send a specially crafted HTTP request. This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions. |
| Title | | Authentication Bypass Vulnerability in NI SystemLink Enterprise |
| First Time appeared | | Ni; Ni systemlink Enterprise |
| Weaknesses | | CWE-306 |
| CPEs | | cpe:2.3:a:ni:systemlink_enterprise:*:*:*:*:*:*:*:* |
| Vendors & Products | | Ni; Ni systemlink Enterprise |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'} |
| Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-05-29T18:45:55.475Z

Reserved: 2026-05-19T20:34:59.772Z

Link: CVE-2026-9051

Vulnrichment

Updated: 2026-05-29T18:45:51.828Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T19:16:28.800

Modified: 2026-06-01T17:06:59.370

Link: CVE-2026-9051

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T20:45:07Z

Weaknesses
  • CWE-306

    Missing Authentication for Critical Function