CVE Catalog

CVE-2026-48140

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

There is an unchecked enum cast vulnerability in NI grpc-device version 2.17.0 and prior in the BeginSidebandStream function. This may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service.

Risk Assessment

Exploitation of this vulnerability could lead to denial of service, affecting system availability. An attacker needs to supply a specially crafted message containing an out-of-range value.

Recommendation

It is recommended to update NI grpc-device to the latest version to mitigate this vulnerability. Additionally, monitoring and filtering incoming messages should be implemented to prevent malicious data from being delivered.

Original NVD description (English source)

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS