CVE-2026-32861

HIGH

Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file

Title source: cna
STIX 2.1

Description

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 5.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (10)
ni/labview 2023 q1 (10 CPE variants)
ni/labview 2024 (9 CPE variants)
ni/labview 2025 q1 (8 CPE variants)
ni/labview 2026 q1
ni/labview < 2022
NI/LabVIEW < 23.0.0
NI/LabVIEW 23.1.0 - 23.3.9
NI/LabVIEW 24.1.0 - 24.3.6
NI/LabVIEW 25.1.0 - 25.3.4
NI/LabVIEW 26.1.0 - 26.1.1
Published Apr 07, 2026
Tracked Since Apr 08, 2026