CVE-2016-10157 in NetSession

Summary

by MITRE

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.

Analysis

by VulDB Data Team • 05/14/2026

The vulnerability identified as CVE-2016-10157 represents a critical DLL hijacking flaw in Akamai NetSession version 1.9.3.1 that stems from improper dynamic link library loading practices. This vulnerability falls under the broader category of insecure library loading mechanisms that have been consistently documented in cybersecurity literature and classified under CWE-770, which addresses the improper handling of dynamic link libraries. The flaw manifests when the application attempts to load CSUNSAPI.dll without specifying the complete file path, creating an exploitable window where malicious actors can manipulate the dynamic loading process. This particular implementation pattern violates fundamental security principles of privilege separation and secure coding practices, as it relies on the system's DLL search order rather than explicit path resolution.

The operational impact of this vulnerability extends beyond simple code injection capabilities to encompass full system compromise potential within the context of the affected application's execution environment. When the CSUNSAPI.dll file is missing from the installation directory, the system's default DLL search order becomes exploitable, allowing attackers to place malicious DLL files in directories that are searched before the legitimate application directory. This behavior directly aligns with the techniques documented in the MITRE ATT&CK framework under the T1059.001 technique for execution through dynamic-link libraries, where adversaries leverage legitimate system processes to execute malicious code. The vulnerability creates a persistent threat vector that can be exploited by attackers to execute arbitrary code with the privileges of the Akamai NetSession process, potentially leading to privilege escalation and further system compromise.

Security professionals must understand that this vulnerability represents a classic example of how insufficient input validation and improper library loading can create persistent security weaknesses in enterprise applications. The flaw demonstrates the importance of implementing secure coding practices such as using fully qualified paths for dynamic library loading, which would prevent the exploitation of the DLL search order mechanism. Organizations using Akamai NetSession should immediately implement mitigations including patching to the latest available version, implementing application whitelisting controls, and monitoring for suspicious DLL loading activities. The vulnerability also highlights the necessity of regular security assessments and adherence to secure development lifecycle practices, as outlined in industry standards such as NIST SP 800-160 and ISO/IEC 27034, which emphasize the critical need for secure coding practices and proper dependency management to prevent such exploitable conditions.
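
The monitoring step recommended above, sketched as an added example (it is not part of the VulDB entry or of Akamai's code): a Python filter over image-load events that flags any load of CSUNSAPI.dll and rates it by location and signature. The events use Sysmon Event ID 7 field names; the process path, DLL paths and trusted-directory list are constructed assumptions.

```python
from pathlib import PureWindowsPath

# DLL the advisory says NetSession 1.9.3.1 requests by bare name but does not ship.
WATCHED_DLLS = {"csunsapi.dll"}
# Assumption: directories that only administrators can write to on a default install.
TRUSTED_DIRS = (PureWindowsPath(r"C:\Windows\System32"),
                PureWindowsPath(r"C:\Windows\SysWOW64"))

# Constructed events using Sysmon Event ID 7 (Image loaded) field names.
# Process and DLL paths are hypothetical placeholders, not taken from the advisory.
SAMPLE_EVENTS = [
    {"Image": r"C:\Apps\NetSession\netsession.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Apps\NetSession\netsession.exe",
     "ImageLoaded": r"C:\Users\Public\Downloads\CSUNSAPI.dll", "Signed": "false"},
    {"Image": r"C:\Apps\NetSession\netsession.exe",
     "ImageLoaded": r"C:\APPS\NetSession\csunsapi.DLL", "Signed": "false"},
]

def in_trusted_dir(path):
    """True if the file sits directly in a trusted directory (case-insensitive)."""
    parent = str(path.parent).lower()
    return any(parent == str(d).lower() for d in TRUSTED_DIRS)

def classify(event):
    """Return None for uninteresting loads, else a finding dict with a severity."""
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.name.lower() not in WATCHED_DLLS:
        return None
    reasons = ["DLL is not part of the installation, so any load is unexpected"]
    if not in_trusted_dir(loaded):
        reasons.append("loaded from outside the trusted system directories")
    if event.get("Signed", "false").lower() != "true":
        reasons.append("image is unsigned")
    severity = "high" if len(reasons) > 1 else "medium"
    return {"process": event["Image"], "dll": str(loaded),
            "severity": severity, "reasons": reasons}

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["dll"], "; ".join(finding["reasons"]))
```
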

Reservation: 01/22/2017
Disclosure: 01/23/2017
Moderation: accepted
Entry: VDB-95790
CPE: ready
EPSS: 0.00490
KEV: no
Activities: very low
