CVE-2026-48140

Summary

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.

Affected Software

VendorProductVersion RangeStatus
NIgrpc-device0 <= 2.17.0affected
NIInstrumentStudio0 <= 26.3.0affected

Weaknesses

  • CWE-704: CWE-704 Incorrect Type Conversion or Cast

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References