CVE-2026-48138

Summary

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.

Affected Software

VendorProductVersion RangeStatus
NIgrpc-device0 <= 2.17.0affected
NIInstrumentStudio0 <= 26.3.0affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References