{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0954", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2026-01-14T19:16:22.774Z", "datePublished": "2026-03-13T14:31:25.652Z", "dateUpdated": "2026-03-15T01:51:19.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-03-13T14:31:25.652Z"}, "title": "Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Digilent", "product": "DASYLab", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. &nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.</p>"}]}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-write-vulnerabilities-in-digilent-dasylab.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Anonymous working with Trend Micro Zero Day Initiative", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0954", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-14T03:55:30.337130Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-15T01:51:19.364Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0954", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-14T03:55:30.337130Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:07:38.783Z"}}], "cna": {"title": "Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Anonymous working with Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Digilent", "product": "DASYLab", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-write-vulnerabilities-in-digilent-dasylab.html"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.", "supportingMedia": [{"type": "text/html", "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. &nbsp;This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-03-13T14:31:25.652Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0954", "state": "PUBLISHED", "dateUpdated": "2026-03-15T01:51:19.364Z", "dateReserved": "2026-01-14T19:16:22.774Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2026-03-13T14:31:25.652Z", "assignerShortName": "NI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:*", "matchCriteriaId": "C82FAA96-B2A6-45B2-B5ED-00E56EAB3274", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria debido a una escritura fuera de l\u00edmites al cargar un archivo DSB corrupto en Digilent DASYLab. Esta vulnerabilidad puede resultar en revelaci\u00f3n de informaci\u00f3n o ejecuci\u00f3n de c\u00f3digo arbitrario. La explotaci\u00f3n exitosa requiere que un atacante consiga que un usuario abra un archivo .DSB especialmente dise\u00f1ado. Esta vulnerabilidad afecta a todas las versiones de Digilent DASYLab."}], "id": "CVE-2026-0954", "lastModified": "2026-03-19T17:40:06.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:57.210", "references": [{"source": "security@ni.com", "tags": ["Vendor Advisory"], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/out-of-bounds-write-vulnerabilities-in-digilent-dasylab.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@ni.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DASYLab", "source": "cna", "vendor": "Digilent"}, "product": "dasylab", "vendor": "digilent"}], "analysis": {"en": {"generated_at": "2026-03-19T18:27:24.310287+00:00", "value": {"mitigation_remediation": ["Check the Digilent or National Instruments security update page for an available patch or newer version of DASYLab. ", "Do not open unfamiliar or untrusted .DSB files until a patch has been applied. ", "Apply the vendor\u2019s patch or upgrade to the latest supported version of DASYLab as soon as possible. ", "Limit the use of DASYLab to trusted users and restrict file download permissions as a temporary control.", "Monitor system logs for unexpected activity related to DASYLab operations."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All versions of Digilent DASYLab are affected. The affected product is listed in the vendor/product list as Digilent:DASYLab and the CPE string cpe:2.3:a:ni:dasylab:*:*:*:*:*:*:*:* indicates a broad application across all releases.", "description_and_impact": "This vulnerability is a memory corruption issue caused by an out\u2011of\u2011bounds write that occurs when Digilent DASYLab opens a corrupted .DSB file. The flaw can lead to information disclosure or arbitrary code execution, as indicated by the vulnerability description and the CVE score of 8.5. It is characterized by CWE\u2011787.\"", "risk_and_exploitability": "The CVSS score of 8.5 denotes high severity, but the EPSS score is reported as less than 1%, suggesting low exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a specially crafted .DSB file and convince a user to open it, indicating that user interaction is a prerequisite for success. Because of the high impact and user\u2011dependent attack vector, the overall risk can be considered moderate with a clear potential for severe compromise if an exploit is delivered to an end\u2011user."}}}}, "created": "2026-03-16T09:25:15.801124+00:00", "updated": "2026-03-23T12:02:56.534894+00:00", "vendors": ["digilent", "digilent$PRODUCT$dasylab"]}