CVE-2026-32864
Published: 07 April 2026
Summary
CVE-2026-32864 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in NI LabVIEW. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the memory corruption vulnerability by requiring timely identification, reporting, and application of vendor-provided patches for NI LabVIEW as detailed in the security advisory.
Implements memory protection mechanisms such as address space layout randomization and non-executable memory to prevent exploitation of out-of-bounds reads leading to information disclosure or code execution.
Validates and sanitizes inputs from specially crafted VI files to reduce the risk of triggering the out-of-bounds read in the mgcore_SH_25_3!aligned_free() function.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local memory corruption RCE triggered by opening a crafted VI file directly enables T1203 (Exploitation for Client Execution) and T1204.002 (User Execution: Malicious File).
NVD Description
There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Deeper analysis
CVE-2026-32864 is a memory corruption vulnerability caused by an out-of-bounds read in the mgcore_SH_25_3!aligned_free() function within NI LabVIEW. This issue affects NI LabVIEW 2026 Q1 (version 26.1.0) and all prior versions. Mapped to CWE-125, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
The vulnerability can be exploited locally when an attacker convinces a user to open a specially crafted VI file. No special privileges are required, but user interaction is necessary. Successful exploitation may result in information disclosure or arbitrary code execution on the affected system.
The National Instruments security advisory at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html details available critical and security updates addressing memory corruption vulnerabilities in NI LabVIEW.
Details
- CWE(s)