Unchecked Enum Cast Vulnerability in NI Grpc-Device
CVE-2026-48140

7.1HIGH

Key Information:

Vendor: Ni
Status: Grpc-device; Instrumentstudio
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-48140?

A vulnerability exists in the NI grpc-device that allows an attacker to exploit unchecked enum casting. This may lead to the triggering of invalid enum states and unpredictable behavior, including potential denial of service. The vulnerability requires the attacker to send a carefully crafted message containing an out-of-range value. This issue affects versions 2.17.0 and earlier of the grpc-device product.

Affected Version(s)

grpc-device 0 <= 2.17.0

InstrumentStudio 0 <= 26.3.0

References

https://www.ni.com/en/support/security/available-critical...

https://github.com/ni/grpc-device/security/advisories/GHS...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
May 20, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-48140 Data

JSON

Ni

What is CVE-2026-48140?

Affected Version(s)

References

CVSS V4

Timeline

Credit