PT-2026-50901 · Ni · Ni Instrumentstudio+1
Sebasteuo
·
Published
2026-06-19
·
Updated
2026-06-20
·
CVE-2026-9142
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
NI grpc-device versions prior to 2.17.0
Description
Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain access to the server, potentially leading to remote code execution (RCE), which is the ability to execute arbitrary commands on a remote machine.
Recommendations
Update to a version later than 2.17.0.
Fix
RCE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ni Instrumentstudio
Grpc-Device