Executive Summary

CVE-2026-48139 is a NULL pointer dereference vulnerability found in the NI grpc-device data moniker service, affecting versions up to and including 2.17.0.

This vulnerability allows an attacker to cause a denial of service by crashing the service. Exploitation requires the attacker to provide an unknown value to the data moniker service.

The issue has been patched in version 2.18.0 and later.

Useful 0 Not Useful 0

Impact Analysis

The primary impact of this vulnerability is a denial of service, resulting in loss of availability of the NI grpc-device data moniker service.

An attacker can remotely exploit this vulnerability without requiring any privileges or user interaction.

There is no impact on confidentiality or integrity, only availability is affected.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the NI grpc-device software to version 2.18.0 or later, where the issue has been patched.

Since the vulnerability allows remote denial of service without requiring privileges or user interaction, applying the patch promptly is critical to prevent potential crashes of the data moniker service.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability causes a denial of service by crashing the NI grpc-device data moniker service, resulting in loss of availability.

There is no impact on confidentiality or integrity, which are critical factors for compliance with standards such as GDPR and HIPAA.

Since the vulnerability does not expose or alter sensitive data, it is unlikely to directly affect compliance with data protection regulations focused on confidentiality and integrity.

However, the loss of availability could impact operational requirements under some standards that mandate system availability and resilience.

Useful 0 Not Useful 0