A vulnerability described as critical has been identified in Apache NiFi up to 2.9.0 . Affected is an unknown function. Executing a manipulation can lead to missing authentication. This vulnerability is registered as CVE-2026-44914 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.