CVE-2026-32861
Published: 07 April 2026
Summary
CVE-2026-32861 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ni Labview. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and correction of the memory corruption flaw in NI LabVIEW via vendor patches to prevent exploitation.
Mandates vulnerability scanning to identify systems with vulnerable LabVIEW versions and remediation within defined timeframes, addressing this specific CVE.
Provides memory protection mechanisms like ASLR and DEP to mitigate the impact of out-of-bounds writes during LVCLASS file parsing, hindering arbitrary code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption in LVCLASS file parser enables client-side RCE when user opens malicious file (T1203 Exploitation for Client Execution + T1204.002 Malicious File).
NVD Description
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user…
more
to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Deeper analysisAI
CVE-2026-32861 is a memory corruption vulnerability stemming from an out-of-bounds write that occurs when NI LabVIEW loads a corrupted LVCLASS file. This flaw affects NI LabVIEW 2026 Q1 (version 26.1.0) and all prior versions. Classified under CWE-787, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Exploitation requires an attacker to entice a user into opening a specially crafted .lvclass file within a vulnerable LabVIEW installation. As a local attack vector with no required privileges but necessitating user interaction, a successful exploit could lead to information disclosure or arbitrary code execution on the affected system.
The official NI security advisory details available critical and security updates to address this LV class file parsing memory corruption vulnerability in LabVIEW, available at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-class-file-parsing-memory-corruption-vulnerability-in-ni-labview.html. Security practitioners should apply these patches promptly to vulnerable installations.
Details
- CWE(s)