CVE-2026-48139
Published: 19 June 2026
Summary
CVE-2026-48139 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Ni Instrumentstudio. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-38027
Vulnerability details
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value…
more
to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
NULL pointer dereference enables Application or System Exploitation (T1499.004) for Endpoint DoS via service crash.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.