CVE-2026-9142

CRITICAL NVD

CVSS Score 9.1

Severity CRITICAL

Published Jun 19, 2026

Vendor unknown

Description

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.

References

https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html