CRITICAL✓ PATCH🇬🇧 English

CVE-2026-9142

CVSS 9.3v4.0pub. 2026-06-19upd. 2026-06-25

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Ni Instrumentstudio

    APP
    Ni
    2026≤ 2025
  • Ni Grpc Device Server

    APP
    Ni
    < 2.18.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-48137CRITICAL9.3ten sam produkt

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may ...

CVE-2026-48138HIGH8.7ten sam produkt

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check...

CVE-2026-48139HIGH8.7ten sam produkt

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow...

CVE-2026-48140HIGH7.1ten sam produkt

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker...

CVE-2026-48141MEDIUM6.0ten sam produkt

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memor...