CVE-2026-0956
Published: 13 March 2026
Summary
CVE-2026-0956 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in NI DASYLab. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires organizations to remediate flaws, including this out-of-bounds read vulnerability in DASYLab, through timely patching as provided in the vendor advisory.
SI-16 employs memory protections like DEP and ASLR to prevent arbitrary code execution resulting from memory corruption vulnerabilities such as this out-of-bounds read.
SI-10 enforces input validation on files loaded by DASYLab to mitigate out-of-bounds reads from specially crafted corrupted files.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is exploited directly by tricking a user into opening a maliciously crafted file, enabling arbitrary code execution.
NVD Description
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
Deeper analysis
CVE-2026-0956 is a memory corruption vulnerability stemming from an out-of-bounds read in Digilent DASYLab when loading a corrupted file. This flaw affects all versions of the software and is associated with CWE-125. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to potential impacts on confidentiality, integrity, and availability.
An attacker can exploit this vulnerability by convincing a local user to open a specially crafted file in Digilent DASYLab, requiring no privileges but relying on user interaction. Successful exploitation may result in information disclosure or arbitrary code execution on the affected system.
The National Instruments security advisory provides information on available critical and security updates for addressing out-of-bounds read vulnerabilities in Digilent DASYLab, accessible at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-read-vulnerabilities-in-digilent-dasylab.html.
Details
- CWE(s)