HIGHCVE-2026-32861Published Modified CNA NI
CVE-2026-32861: Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Metrics
- CVSS v4.0
- 8.5
- Severity
- HIGH
- Fixed in
- 23.0.0
- Affected Products
- 1
Fix available
23.0.023.3.924.3.625.3.426.1.1
Affected packages
- NI / LabVIEW< 23.0.0 (from 0) · < 23.3.9 (from 23.1.0) · < 24.3.6 (from 24.1.0) · < 25.3.4 (from 25.1.0) · < 26.1.1 (from 26.1.0)
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences