CVE Catalog

CVE-2026-48139

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile - higher than 26% of all known CVEs

Summary

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service. Successful exploitation requires an attacker to provide an unknown value to the data moniker service.

Risk Assessment

This vulnerability may lead to denial of service, impacting system availability. An attacker could exploit this flaw to disrupt service operation.

Recommendation

It is recommended to update NI grpc-device to version 2.17.1 or later to mitigate this vulnerability.

Original NVD description (English source)

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS