CVE-2026-48137

Summary

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.

Affected Software

VendorProductVersion RangeStatus
NIgrpc-device0 <= 2.17.0affected
NIInstrumentStudio0 <= 26.3.0affected

Weaknesses

  • CWE-822: CWE-822 Untrusted pointer dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References