CVE-2026-48139
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service. Successful exploitation requires an attacker to provide an unknown value to the data moniker service.
Risk Assessment
This vulnerability may lead to denial of service, impacting system availability. An attacker could exploit this flaw to disrupt service operation.
Recommendation
It is recommended to update NI grpc-device to version 2.17.1 or later to mitigate this vulnerability.
Original NVD description (English source)
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.

