CVE-2026-9142
Analyzed
Analyzed - Analysis Complete
Insecure Default Credentials in NI grpc-device
Vulnerability report for CVE-2026-9142, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-19
Last updated on: 2026-06-25
Assigner: National Instruments
Description
Description
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.Β This may allow an unauthenticated user access to the server on the local network.Β This affects NI grpc-device 2.17.0 and prior versions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | instrumentstudio | to 2025 (inc) |
| ni | instrumentstudio | 2026 |
| ni | instrumentstudio | 2026 |
| ni | ni_grpc_device_server | to 2.18.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |