CVE-2026-48140
Received - Intake
Unchecked Enum Cast in NI grpc-device Leading to DoS

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: National Instruments

Description
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.
Affected Vendors & Products
Vendor    Product        Version / Range
ni        grpc-device    to 2.17.0 (inc)
ni        grpc-device    From 2.18.0 (inc)
CWE ID     Description
CWE-704    The product does not correctly convert an object, resource, or structure from one type to a different type.
Compliance Impact

The vulnerability in NI grpc-device involves a denial of service risk due to an unchecked enum cast, which primarily impacts system availability.

While the vulnerability could affect system reliability and availability, there is no direct information indicating an impact on data confidentiality or integrity.

Therefore, based on the provided information, there is no explicit indication that this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA, which focus heavily on data protection and privacy.

Mitigation Strategies

The immediate mitigation step is to upgrade NI grpc-device to version 2.18.0 or later, where this vulnerability has been patched.

Until the upgrade can be applied, restrict network access to the grpc-device service to trusted users only, minimizing exposure to potentially malicious crafted messages.

Executive Summary

CVE-2026-48140 is a vulnerability in the NI grpc-device software, specifically in the BeginSidebandStream function. It involves an unchecked enum cast, meaning the software does not properly validate certain enum values it receives.

An attacker can exploit this by sending a specially crafted message containing an out-of-range enum value, which triggers invalid enum states and causes undefined behavior in the software.

This undefined behavior can potentially lead to a denial of service condition, where the affected system or service becomes unavailable or crashes.
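
The unchecked cast described above, next to a validated conversion, as an added C++ example; it is not code from grpc-device or from NI. The enum `SidebandKind`, its values, and the functions `unchecked_kind`, `checked_kind` and `begin_stream` are hypothetical stand-ins for a request field and its handler.

```cpp
#include <cstdint>

// Hypothetical enum standing in for a selector carried in a request message.
// Names and values are assumptions, not taken from grpc-device.
enum SidebandKind { KIND_UNKNOWN = 0, KIND_SOCKETS = 1, KIND_SHARED_MEMORY = 2 };

// "Before": the wire integer is cast straight to the enum. For an enum with no
// fixed underlying type, a value outside the enum's range makes the cast itself
// undefined behaviour, and later enum-driven logic sees an invalid state.
inline SidebandKind unchecked_kind(int32_t wire) {
    return static_cast<SidebandKind>(wire);
}

// "After": validate the integer first and cast only when it names a usable
// enumerator. Returns false for KIND_UNKNOWN and for any out-of-range value.
inline bool checked_kind(int32_t wire, SidebandKind *out) {
    switch (wire) {
        case KIND_SOCKETS:
        case KIND_SHARED_MEMORY:
            *out = static_cast<SidebandKind>(wire);
            return true;
        default:
            return false;
    }
}

// Handler sketch: reject the request before any enum-indexed logic runs.
// Returns 0 on success, 3 to mirror gRPC's INVALID_ARGUMENT status code.
inline int begin_stream(int32_t wire_kind) {
    SidebandKind kind = KIND_UNKNOWN;
    if (!checked_kind(wire_kind, &kind)) return 3;
    static const int buffer_sizes[] = {0, 4096, 65536};  // indexed by enumerator
    return buffer_sizes[kind] > 0 ? 0 : 3;
}
```

Rejected requests returning a distinct status also give operators something to count: a spike in invalid-argument responses from the stream-setup call is a usable signal for the crafted messages described in this entry.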

Impact Analysis

The primary impact of this vulnerability is a potential denial of service (DoS) on systems running NI grpc-device versions up to 2.17.0.

An attacker with network access and low privileges can exploit this vulnerability without any user interaction, causing the affected service to crash or become unresponsive.

This can disrupt normal operations, leading to downtime and loss of availability of the affected service.

Detection Guidance

Detection of this vulnerability involves monitoring for specially crafted messages sent to the NI grpc-device BeginSidebandStream function that contain out-of-range enum values.

Since the vulnerability is triggered by invalid enum states caused by out-of-range values, network traffic analysis focusing on grpc-device communication could help identify suspicious messages.

No specific detection commands or signatures are provided in the available resources.
