CVE-2026-48137
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message.
Risk Assessment
This vulnerability may lead to serious security threats, including remote code execution by an attacker, which can affect the integrity and confidentiality of the system.
Recommendation
It is recommended to upgrade to NI grpc-device version 2.17.1 or later to mitigate this vulnerability and to monitor the system for suspicious activity.
Original NVD description (English source)
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.

