Cyber Posture

CVE-2026-0957

High

Published: 13 March 2026

Modified: 19 March 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-0957 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ni Dasylab. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 6.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the out-of-bounds write vulnerability by requiring timely remediation through installation of vendor-provided patches detailed in the NI security advisory for all affected DASYLab versions.

prevent

Implements memory protection mechanisms like address space layout randomization and data execution prevention to block exploitation of memory corruption from out-of-bounds writes.

prevent

Enforces validation and error handling for file inputs to reject specially crafted corrupted files before they trigger the out-of-bounds write in DASYLab.

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The out-of-bounds write in the file parser enables RCE when a user opens a maliciously crafted file, which is a direct match to malicious-file user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.

Deeper analysis

CVE-2026-0957 is a memory corruption vulnerability stemming from an out-of-bounds write in Digilent DASYLab when loading a corrupted file. This flaw affects all versions of the software and is classified under CWE-787, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An attacker can exploit this vulnerability by tricking a user into opening a specially crafted file. The attack vector is local and requires no privileges, but it depends on user interaction. Successful exploitation may lead to information disclosure or arbitrary code execution on the affected system.

The National Instruments security advisory at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-write-vulnerabilities-in-digilent-dasylab.html details available critical and security updates addressing this out-of-bounds write vulnerability in Digilent DASYLab.

Details

CWE(s)

Affected Products

ni dasylab: all versions

CVEs Like This One

CVE-2026-0954 · Same product: Ni Dasylab
CVE-2026-0956 · Same product: Ni Dasylab
CVE-2026-0955 · Same product: Ni Dasylab
CVE-2026-32862 · Same vendor: Ni
CVE-2026-32860 · Same vendor: Ni
CVE-2026-32861 · Same vendor: Ni
CVE-2026-23715 · Shared CWE-787
CVE-2025-21161 · Shared CWE-787
CVE-2025-24441 · Shared CWE-787
CVE-2025-24451 · Shared CWE-787
