CVE-2026-48139
Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in NI grpc-device

Vulnerability report for CVE-2026-48139, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-25

Assigner: National Instruments

Description

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-25
Generated
2026-07-10
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
ni instrumentstudio to 2025 (inc)
ni instrumentstudio 2026
ni instrumentstudio 2026
ni ni_grpc_device_server to 2.18.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-48139 is a NULL pointer dereference vulnerability found in the NI grpc-device data moniker service, affecting versions up to and including 2.17.0.

This vulnerability allows an attacker to cause a denial of service by crashing the service. Exploitation requires the attacker to provide an unknown value to the data moniker service.

The issue has been patched in version 2.18.0 and later.

Impact Analysis

The primary impact of this vulnerability is a denial of service, resulting in loss of availability of the NI grpc-device data moniker service.

An attacker can remotely exploit this vulnerability without requiring any privileges or user interaction.

There is no impact on confidentiality or integrity, only availability is affected.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the NI grpc-device software to version 2.18.0 or later, where the issue has been patched.

Since the vulnerability allows remote denial of service without requiring privileges or user interaction, applying the patch promptly is critical to prevent potential crashes of the data moniker service.

Compliance Impact

This vulnerability causes a denial of service by crashing the NI grpc-device data moniker service, resulting in loss of availability.

There is no impact on confidentiality or integrity, which are critical factors for compliance with standards such as GDPR and HIPAA.

Since the vulnerability does not expose or alter sensitive data, it is unlikely to directly affect compliance with data protection regulations focused on confidentiality and integrity.

However, the loss of availability could impact operational requirements under some standards that mandate system availability and resilience.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48139. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart