CVE-2026-48137NVD

Vulnerability Summary

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.

Severity Level

CRITICAL(9.1)

Published Date

Jun 19, 2026

Last Modified

Jun 19, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

External References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html
https://github.com/ni/grpc-device/security/advisories/GHSA-ww59-ghm9-mm63