CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*

History

25 Jun 2026, 14:40

Type Values Removed Values Added
References () https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562 - () https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562 - Vendor Advisory
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html - Vendor Advisory
CPE cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*
First Time Ni
Ni instrumentstudio
Ni ni Grpc Device Server

19 Jun 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-19 14:16

Updated : 2026-06-25 14:40


NVD link : CVE-2026-9142

Mitre link : CVE-2026-9142

CVE.ORG link : CVE-2026-9142


JSON object : View

Products Affected

ni

  • instrumentstudio
  • ni_grpc_device_server
CWE
CWE-306

Missing Authentication for Critical Function