In 2021, dataminers discovered a consistent security vulnerability, later termed "ENLBufferPwn", in multiple Nintendo 3DS, Wii U, and Nintendo Switch games. ENLBufferPwn made it possible to inject code into another player's system during online multiplayer by deliberately triggering a buffer overflow in a game's "ENL" network library. The glitch was known to be possible in Animal Crossing: New Horizons, Arms, Mario Kart 7 (where the glitch instead targets the "Net" library), Mario Kart 8, Mario Kart 8 Deluxe, Nintendo Switch Sports, Splatoon, Splatoon 2, Splatoon 3, and Super Mario Maker 2, with other games potentially being affected.

ENLBufferPwn generated significant cybersecurity concerns due to its ease of execution, the fact that it could be pulled off without the target player's notice, and the wide range of actions that could occur through it, up to and including identity theft and espionage. Reflecting this, the United States federal government's National Vulnerability Database gave the glitch a 9.8 rating, reflecting critical threats to public safety. Following multiple reports issued by white hat hackers between 2021 and 2022, Nintendo patched all known affected games to remove the vulnerabilities that made ENLBufferPwn possible.