There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
References
Configurations
History
25 Jun 2026, 14:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562 - Vendor Advisory | |
| References | () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html - Vendor Advisory | |
| CPE | cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:* cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:* cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:* cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:* |
|
| First Time |
Ni
Ni instrumentstudio Ni ni Grpc Device Server |
19 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-19 14:16
Updated : 2026-06-25 14:40
NVD link : CVE-2026-9142
Mitre link : CVE-2026-9142
CVE.ORG link : CVE-2026-9142
JSON object : View
Products Affected
ni
- instrumentstudio
- ni_grpc_device_server
CWE
CWE-306
Missing Authentication for Critical Function
