Numeric Types Conversion Vulnerability in NI grpc-device Software
CVE-2026-9143

6.3MEDIUM

Key Information:

Vendor: Ni
Status: Grpc-device; Instrumentstudio
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-9143?

A vulnerability exists in NI grpc-device, where improper conversion between numeric types can occur due to missing range checks in the CodeGen component. This flaw has the potential to silently discard significant high bits if a size value exceeds the allowable range of the target type, which can lead to unintended behavior and potentially compromise the integrity of user data. This issue affects all versions of NI grpc-device up to and including 2.17.0.

Affected Version(s)

grpc-device 0 <= 2.17.0

InstrumentStudio 0 <= 26.3.0

References

https://www.ni.com/en/support/security/available-critical...

vendor-advisory

https://github.com/ni/grpc-device/security/advisories/GHS...

vendor-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
May 20, 2026

Credit

Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

CVE-2026-9143 Data

JSON

Ni

What is CVE-2026-9143?

Affected Version(s)

References

CVSS V4

Timeline

Credit