CVE-2026-48138
Received - Intake
Out-of-Bounds Read in NI grpc-device API

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: National Instruments

Description
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: ni
Product: grpc-device
Version / Range: to 2.18.0 (exc)
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
Mitigation Strategies

To mitigate this vulnerability, users should upgrade the NI grpc-device package to version 2.18.0 or later.

This update addresses the out-of-bounds read issue caused by a missing bounds check in the streaming API, preventing potential denial of service attacks.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

An attacker can cause the affected system to become unavailable by exploiting the out-of-bounds read flaw.

The attack can be performed remotely over the network without requiring any privileges or user interaction.

Executive Summary

CVE-2026-48138 is an out-of-bounds read vulnerability in the NI grpc-device streaming API caused by a missing bounds check.

This means the software reads data outside the intended buffer range, which can lead to unexpected behavior.

An attacker can exploit this by sending a specially crafted write request to the affected versions (prior to 2.18.0) of the grpc-device package.

Successful exploitation may result in a denial of service, making the system unavailable.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
