CVE-2026-32862
Published: 07 April 2026
Summary
CVE-2026-32862 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ni Labview. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-32862 is a memory corruption vulnerability caused by an out-of-bounds write in the ResFileFactory::InitResourceMgr() function in NI LabVIEW. This issue affects NI LabVIEW 2026 Q1 (version 26.1.0) and all prior versions, with an associated CWE-787 (Out-of-bounds Write). The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker can exploit this vulnerability by tricking a user into opening a specially crafted VI file, requiring local access but no privileges. Successful exploitation may result in information disclosure or arbitrary code execution, with high impacts to confidentiality, integrity, and availability on the affected system.
The National Instruments security advisory details available critical and security updates for memory corruption vulnerabilities in NI LabVIEW, including CVE-2026-32862. Practitioners should refer to https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html for patch information and mitigation recommendations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-19903
Vulnerability details
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially…
more
crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption (out-of-bounds write) in LabVIEW client app enables RCE when user opens crafted VI file (T1203 Exploitation for Client Execution + T1204.002 Malicious File).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2026-32862 by requiring timely identification, prioritization, and remediation of the out-of-bounds write flaw through vendor patches as detailed in the NI security advisory.
Implements memory protection mechanisms that defend against exploitation of the out-of-bounds write vulnerability for arbitrary code execution or information disclosure.
Deploys malicious code protection scanning at file entry points to identify and block specially crafted VI files exploiting the memory corruption vulnerability.