CVE-2026-48138
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request.
Risk Assessment
This vulnerability may lead to denial of service, affecting system availability. An attacker could exploit this flaw to disrupt service operation.
Recommendation
It is recommended to upgrade to NI grpc-device version 2.17.1 or later to mitigate this vulnerability. Additionally, monitoring logs for potential exploitation attempts is advised.
Original NVD description (English source)
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.

