CVE-2026-48141
Received Received - Intake
Memory Leak in NI grpc-device Leading to DoS

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: National Instruments

Description
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.Β  This affects NI grpc-device 2.17.0 and prior versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2026-48141
EUVD
EUVD-2026-38029
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ni grpc-device to 2.17.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-48141 is a memory leak vulnerability in the NI grpc-device library's BeginSidebandStream function. This means that the software does not properly release memory after it is used, causing memory to be consumed continuously.

This issue affects versions up to and including 2.17.0 and has been fixed in version 2.18.0.

Because memory is not freed, the system can eventually run out of memory, potentially leading to a denial of service where the affected application or system becomes unavailable.

Impact Analysis

The primary impact of this vulnerability is on system availability. Due to the memory leak, the system or application using the NI grpc-device library may exhaust its memory resources.

This can cause the affected service to crash or become unresponsive, resulting in a denial of service.

There are no direct impacts on confidentiality or integrity.

Detection Guidance

This vulnerability is a memory leak in the NI grpc-device library's BeginSidebandStream function, which may lead to denial of service due to memory exhaustion.

Detection would involve monitoring the memory usage of processes using the NI grpc-device library, especially those running version 2.17.0 or earlier.

Suggested commands include using system monitoring tools to observe memory consumption over time for the grpc-device process, such as:

  • On Linux: `top`, `htop`, or `ps aux --sort=-rss | grep grpc-device` to check memory usage.
  • Using `valgrind --leak-check=full` or similar memory profiling tools on the grpc-device process to detect memory leaks.
  • Network monitoring tools to detect unusual denial of service symptoms caused by memory exhaustion in grpc-device services.
Mitigation Strategies

The primary mitigation step is to upgrade the NI grpc-device library to version 2.18.0 or later, where this memory leak vulnerability has been patched.

Since the vulnerability requires network access and has high complexity, limiting network exposure to the grpc-device service can also reduce risk.

Monitoring system memory usage and restarting the grpc-device service if memory consumption grows abnormally can be a temporary workaround until the upgrade is applied.

Compliance Impact

This vulnerability primarily impacts system availability due to a memory leak that can lead to denial of service. There are no direct effects on confidentiality or integrity of data.

Since the vulnerability does not affect confidentiality or integrity, it does not directly compromise compliance with standards like GDPR or HIPAA, which focus heavily on protecting personal data privacy and integrity.

However, denial of service could indirectly affect availability requirements in some regulations, but no specific compliance impact is detailed in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48141. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart