Memory Corruption Vulnerability in NI LabVIEW by National Instruments
CVE-2026-32864

8.5HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-32864?

A memory corruption vulnerability in NI LabVIEW arises from an out-of-bounds read in the function mgcore_SH_25_3!aligned_free(). This can lead to information disclosure or arbitrary code execution. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted VI file, making this issue particularly concerning for users of NI LabVIEW 2026 Q1 and earlier versions. Organizations using affected versions should prioritize remediation efforts.

Affected Version(s)

LabVIEW 0 < 23.0.0

LabVIEW 23.1.0 < 23.3.9

LabVIEW 24.1.0 < 24.3.6

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 16, 2026

Credit

Michael Heinzl

CVE-2026-32864 Data

JSON

Ni

What is CVE-2026-32864?

Affected Version(s)

References

CVSS V4

Timeline

Credit