CVE-2026-9051: Authentication Bypass Vulnerability in NI SystemLink Enterprise
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send a specially crafted HTTP request. This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
HarborGuard Analysis
Synopsis
An authentication bypass in the NI SystemLink Enterprise Dashboard lets an unauthenticated remote attacker send a specially crafted HTTP request to skip authentication checks. The bug is reachable over the network with no credentials and no user interaction, and successful exploitation enables privilege escalation and disclosure of data held by the dashboard. No fix version has been published; HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against NI SystemLink Enterprise images in customer registries and CI pipelines, including custom-built images derived from the affected versions.
Status: Available
Triage is available with the published CVSS v4.0 score of 9.3 (Critical) weighted against each customer's compliance policy, so affected images get routed to the appropriate security or platform inbox inside the customer org rather than buried in a generic queue.
Status: Available
No upstream fix is published yet. HarborGuard re-checks the NI advisory each ingest cycle and will make a patched-image rebuild available the moment a fixed SystemLink Enterprise version ships; auto-remediation customers will then get a rebuild, regression run, and PR opened against affected workloads automatically.
Status: Pending upstream
Exploit Conditions
- Network reachability (Required): The attacker must be able to reach the SystemLink Enterprise Dashboard's HTTP endpoint over the network.
- Authentication (Not required): No credentials are needed; the flaw is in the authentication layer itself (PR:N).
- Victim interaction (Not required): Exploitation is a direct HTTP request to the server and requires no action from any user (UI:N).
- Attack complexity (Detail): AC:L indicates the crafted request works reliably without race conditions or environmental tuning.
Blast Radius
- Reads sensitive data exposed through the Dashboard, including configuration and operational records the application holds (VC:H).
- Modifies state and escalates privileges within the application, effectively acting as a higher-privileged user (VI:H).
- Availability of the service itself is not directly impacted by this flaw (VA:N), though follow-on actions by the attacker may disrupt operations.
How HarborGuard Handles This
Available on HarborGuard: continuous matching of NI SystemLink Enterprise 2026-04 and earlier images against this advisory, with critical-severity routing into each customer's configured inbox. Because no upstream fix is published, the recommended compensating controls are restricting Dashboard exposure with network policies or VPN-only access, adding egress filtering, and gating the Dashboard behind an authenticating reverse proxy until NI ships a patch. For customers who opt into auto-remediation, a rebuilt image at the fix version will be generated, regression-tested, and proposed via PR as soon as NI publishes a fixed release.
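The matching and compensating-control check described above, as an added example (not HarborGuard's or NI's code). It assumes release names follow the YYYY-MM form that "2026-04" suggests; the `Deployment` fields, the triage labels and the sample inventory are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Last affected release per the advisory text ("2026-04 and prior").
LAST_AFFECTED = (2026, 4)
# Assumption: releases are named YYYY-MM, optionally followed by a suffix.
_RELEASE = re.compile(r"^(\d{4})-(\d{2})(?!\d)")

def parse_release(tag):
    """Return (year, month), or None when the tag is not a YYYY-MM release."""
    m = _RELEASE.match(tag.strip())
    if not m:
        return None
    year, month = int(m.group(1)), int(m.group(2))
    return (year, month) if 1 <= month <= 12 else None

def is_affected(tag):
    """True/False for a parsable release, None when the version is unknown."""
    rel = parse_release(tag)
    return None if rel is None else rel <= LAST_AFFECTED

@dataclass
class Deployment:  # hypothetical inventory record, not a HarborGuard schema
    name: str
    release: str
    network_restricted: bool   # network policy or VPN-only access in place
    behind_auth_proxy: bool    # Dashboard gated by an authenticating proxy

def triage(d):
    """Classify one deployment; unknown versions are never reported as safe."""
    affected = is_affected(d.release)
    if affected is False:
        return "outside-advisory-range"
    if affected is None:
        return "verify-version"
    controls = int(d.network_restricted) + int(d.behind_auth_proxy)
    return ("exposed", "partially-compensated", "compensated")[controls]

# Constructed sample inventory.
INVENTORY = [
    Deployment("lab-a", "2026-04", False, False),
    Deployment("lab-b", "2025-11-hotfix1", True, False),
    Deployment("lab-c", "2026-01", True, True),
    Deployment("lab-d", "2026-05", False, False),
    Deployment("lab-e", "latest", True, True),
]
RESULTS = {d.name: triage(d) for d in INVENTORY}
```

A tag that cannot be parsed (such as `latest`) is routed to `verify-version` rather than treated as unaffected, since a floating tag can still point at an affected release.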
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
  - NI / SystemLink Enterprise ≤ 2026-04
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N