CVE-2026-9142

CRITICAL

NI grpc-device <= 2.17.0 - Insecure Default Credentials

Title source: manual
STIX 2.1

Description

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.

Scores

CVSS v3 9.1
EPSS 0.0031
EPSS Percentile 22.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (5)
NI/grpc-device < 2.17.0
ni/instrumentstudio 2026 q1 (2 CPE variants)
ni/instrumentstudio < 2025
NI/InstrumentStudio < 26.3.0
ni/ni_grpc_device_server < 2.18.0
Published Jun 19, 2026
Tracked Since Jun 19, 2026