CVE-2026-9143
Analyzed Analyzed - Analysis Complete

Incorrect Numeric Conversion in NI grpc-device

Vulnerability report for CVE-2026-9143, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-25

Assigner: National Instruments

Description

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen.  This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-25
Generated
2026-07-10
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
ni instrumentstudio to 2025 (inc)
ni instrumentstudio 2026
ni instrumentstudio 2026
ni ni_grpc_device_server to 2.18.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-681 When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can impact the integrity of the system by causing incorrect numeric values due to discarded high bits during type conversion.

Although it does not affect confidentiality or availability, the low integrity impact means that some operations might behave unexpectedly or incorrectly.

The attack vector is network-based, requiring high complexity, no privileges, and no user interaction, which limits the likelihood of exploitation.

Executive Summary

CVE-2026-9143 is a vulnerability in NI grpc-device caused by an incorrect conversion between numeric types due to missing range checks in the CodeGen component.

This flaw may silently discard high bits if a size value exceeds the target type's range, potentially leading to unexpected or incorrect values.

It affects versions 2.17.0 and earlier and has been fixed in version 2.18.0 and later.

The weakness is classified as CWE-681, which involves incorrect numeric conversions that can cause dangerous behaviors in sensitive contexts.

Mitigation Strategies

To mitigate the CVE-2026-9143 vulnerability, you should upgrade NI grpc-device to version 2.18.0 or later, where the issue has been patched.

Compliance Impact

The vulnerability involves an incorrect numeric type conversion that may silently discard high bits, potentially causing unexpected values and dangerous behaviors in sensitive contexts. However, there is no impact on confidentiality and only a low impact on integrity, with no impact on availability.

Given the lack of impact on confidentiality and the low impact on integrity, this vulnerability is unlikely to directly affect compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting sensitive data confidentiality and integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart