Out-of-Bounds Read Vulnerability in NI grpc-device Streaming API
CVE-2026-48138

8.7HIGH

Key Information:

Vendor: Ni
Status: Grpc-device; Instrumentstudio
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-48138?

An out-of-bounds read vulnerability exists within NI's grpc-device streaming API due to an absence of appropriate bounds checks. This flaw can potentially allow an attacker to craft a specific write request that may lead to denial of service. This issue impacts versions 2.17.0 and earlier of the NI grpc-device, exposing systems to potential disruptions and attacks.

Affected Version(s)

grpc-device 0 <= 2.17.0

InstrumentStudio 0 <= 26.3.0

References

https://www.ni.com/en/support/security/available-critical...

vendor-advisory

https://github.com/ni/grpc-device/security/advisories/GHS...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
May 20, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-48138 Data

JSON

Ni

What is CVE-2026-48138?

Affected Version(s)

References

CVSS V4

Timeline

Credit