CVE-2026-32860
Published: 07 April 2026
Summary
CVE-2026-32860 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ni Labview. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation through vendor patches to directly fix the out-of-bounds write vulnerability in NI LabVIEW when parsing LVLIB files.
Implements memory protection safeguards like non-executable memory regions or address space randomization to prevent arbitrary code execution from the out-of-bounds write in LabVIEW.
Mandates validation of LVLIB file inputs to LabVIEW to reject malformed files that trigger the memory corruption vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption in LabVIEW client app parsing of malicious .lvlib file enables direct client-side exploitation (T1203) via user opening the crafted file (T1204.002) for RCE/info disclosure.
NVD Description
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user…
more
to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Deeper analysisAI
CVE-2026-32860 is a memory corruption vulnerability stemming from an out-of-bounds write that occurs when NI LabVIEW loads a corrupted LVLIB file. This flaw affects NI LabVIEW 2026 Q1 (version 26.1.0) and all prior versions. Classified under CWE-787, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Exploitation requires an attacker to entice a user into opening a specially crafted .lvlib file within LabVIEW, making it a local attack vector with no privileges needed but user interaction mandatory. Successful exploitation could lead to information disclosure or arbitrary code execution on the victim's system.
NI has issued a security advisory detailing the LV project library file parsing issue, available at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-project-library-file-parsing-memory-corruption-vulnerability-in-ni-labview.html, which provides information on critical and security updates for mitigation.
Details
- CWE(s)