Description
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions.
Published: 2026-06-19
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak occurs in the NI grpc-device BeginSidebandStream routine, with the potential to consume system memory until exhaustion and disrupt service availability. The vulnerability is categorized as CWE-401 and carries a CVSS score of 6, indicating moderate severity. An attacker exploiting this flaw would likely cause a denial of service by repeatedly initiating sideband streams to trigger the leak.

Affected Systems

NI’s InstrumentStudio and grpc-device products are affected, specifically the grpc-device versions 2.17.0 and all earlier releases. The vulnerability is tied to the grpc-device component within InstrumentStudio installations.

Risk and Exploitability

The exploitation of this memory leak can be achieved via remote gRPC calls that invoke BeginSidebandStream; no further privileged access is required. Although no EPSS score is published and the vulnerability is not listed in CISA’s KEV catalog, the moderate CVSS rating and the possibility of memory exhaustion make it a noteworthy threat. Organizations running the affected software should treat this as a high‑priority risk until a patch is applied.

Generated by OpenCVE AI on June 19, 2026 at 20:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest National Instruments security patch for NI grpc-device that addresses the memory leak
  • Upgrade the InstrumentStudio environment to the most recent compatible release to ensure all related components are fixed
  • Monitor memory usage and enforce limits on sideband stream usage to prevent potential exhaustion should an upgrade not be immediately possible

Generated by OpenCVE AI on June 19, 2026 at 20:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions.
Title Memory leak in NI grpc-device BeginSidebandStream
First Time appeared Ni
Ni grpc-device
Ni instrumentstudio
Weaknesses CWE-401
CPEs cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*
Vendors & Products Ni
Ni grpc-device
Ni instrumentstudio
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ni Grpc-device Instrumentstudio
cve-icon MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-06-19T13:37:50.361Z

Reserved: 2026-05-20T19:51:56.936Z

Link: CVE-2026-48141

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:15:02Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime