NULL Pointer Dereference Vulnerability in NI grpc-device
CVE-2026-48139

8.7HIGH

Key Information:

Vendor: Ni
Status: Grpc-device; Instrumentstudio
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-48139?

A NULL pointer dereference vulnerability exists in the data moniker service of NI grpc-device, allowing an attacker to trigger a denial of service by submitting an unknown value. This exploit can lead to a crash of the affected service, disrupting normal operations. Versions affected include NI grpc-device 2.17.0 and earlier.

Affected Version(s)

grpc-device 0 <= 2.17.0

InstrumentStudio 0 <= 26.3.0

References

https://www.ni.com/en/support/security/available-critical...

vendor-advisory

https://github.com/ni/grpc-device/security/advisories/GHS...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
May 20, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-48139 Data

JSON

Ni

What is CVE-2026-48139?

Affected Version(s)

References

CVSS V4

Timeline

Credit