Memory Corruption Vulnerability in NI LabVIEW Affecting NI Software
CVE-2026-32860
8.5HIGH
What is CVE-2026-32860?
A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds write when processing specially crafted LVLIB files. This flaw can lead to serious security consequences, including potential information disclosure or arbitrary code execution. An attacker can exploit this vulnerability by persuading the user to open a manipulated .lvlib file, which poses significant risks to users of affected NI LabVIEW versions.
Affected Version(s)
LabVIEW 0 < 23.0.0
LabVIEW 23.1.0 < 23.3.9
LabVIEW 24.1.0 < 24.3.6
References
CVSS V4
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rocco Calvi (@TecR0c) with TecSecurity
TrendAI Zero Day Initiative