cbcvebase.

Ni Grpc Device Server vulnerabilities

7 known vulnerabilities affecting ni/ni_grpc_device_server.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-9142P2CRITICALCVSS 9.1fixed in 2.18.02026-06-19
CVE-2026-9142 [CRITICAL] CWE-306 CVE-2026-9142: There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is n There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
nvd
CVE-2026-48137P2CRITICALCVSS 9.8fixed in 2.18.02026-06-19
CVE-2026-48137 [CRITICAL] CWE-822 CVE-2026-48137: There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.
nvd
CVE-2026-48138P3HIGHCVSS 7.5fixed in 2.18.02026-06-19
CVE-2026-48138 [HIGH] CWE-125 CVE-2026-48138: There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bo There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
nvd
CVE-2026-48139P3HIGHCVSS 7.5fixed in 2.18.02026-06-19
CVE-2026-48139 [HIGH] CWE-476 CVE-2026-48139: There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
nvd
CVE-2026-48141P3HIGHCVSS 7.5fixed in 2.18.02026-06-19
CVE-2026-48141 [HIGH] CWE-401 CVE-2026-48141: There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service du There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
nvd
CVE-2026-48140P3MEDIUMCVSS 6.5fixed in 2.18.02026-06-19
CVE-2026-48140 [MEDIUM] CWE-704 CVE-2026-48140: There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow a There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-d
nvd
CVE-2026-9143P4MEDIUMCVSS 5.3fixed in 2.18.02026-06-19
CVE-2026-9143 [MEDIUM] CWE-681 CVE-2026-9143: There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missin There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
nvd
Ni Grpc Device Server vulnerabilities | cvebase