CVE-2026-9143
Received Received - Intake
Incorrect Numeric Conversion in NI grpc-device

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: National Instruments

Description
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen.  This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2026-9143
EUVD
EUVD-2026-38032
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ni grpc-device to 2.17.0 (exc)
ni grpc-device to 2.18.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-681 When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves an incorrect numeric type conversion that may silently discard high bits, potentially causing unexpected values and dangerous behaviors in sensitive contexts. However, there is no impact on confidentiality and only a low impact on integrity, with no impact on availability.

Given the lack of impact on confidentiality and the low impact on integrity, this vulnerability is unlikely to directly affect compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting sensitive data confidentiality and integrity.

Impact Analysis

This vulnerability can impact the integrity of the system by causing incorrect numeric values due to discarded high bits during type conversion.

Although it does not affect confidentiality or availability, the low integrity impact means that some operations might behave unexpectedly or incorrectly.

The attack vector is network-based, requiring high complexity, no privileges, and no user interaction, which limits the likelihood of exploitation.

Executive Summary

CVE-2026-9143 is a vulnerability in NI grpc-device caused by an incorrect conversion between numeric types due to missing range checks in the CodeGen component.

This flaw may silently discard high bits if a size value exceeds the target type's range, potentially leading to unexpected or incorrect values.

It affects versions 2.17.0 and earlier and has been fixed in version 2.18.0 and later.

The weakness is classified as CWE-681, which involves incorrect numeric conversions that can cause dangerous behaviors in sensitive contexts.

Mitigation Strategies

To mitigate the CVE-2026-9143 vulnerability, you should upgrade NI grpc-device to version 2.18.0 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart