CVE Catalog

CVE-2026-48137

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message.

Risk Assessment

This vulnerability may lead to serious security threats, including remote code execution by an attacker, which can affect the integrity and confidentiality of the system.

Recommendation

It is recommended to upgrade to NI grpc-device version 2.17.1 or later to mitigate this vulnerability and to monitor the system for suspicious activity.

Original NVD description (English source)

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS