{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32862", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2026-03-16T20:29:24.841Z", "datePublished": "2026-04-07T19:50:36.912Z", "dateUpdated": "2026-04-08T03:55:54.567Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-04-07T19:50:36.912Z"}, "title": "Out-of-Bounds Write in ResFileFactory::InitResourceMgr()", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "NI", "product": "LabVIEW", "versions": [{"status": "affected", "version": "0", "lessThan": "23.0.0", "versionType": "semver"}, {"status": "affected", "version": "23.1.0", "lessThan": "23.3.9", "versionType": "semver"}, {"status": "affected", "version": "24.1.0", "lessThan": "24.3.6", "versionType": "semver"}, {"status": "affected", "version": "25.1.0", "lessThan": "25.3.4", "versionType": "semver"}, {"status": "affected", "version": "26.1.0", "lessThan": "26.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "23.0.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "versionStartIncluding": "23.1.0", "versionEndExcluding": "23.3.9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.1.0", "versionEndExcluding": "24.3.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "versionStartIncluding": "25.1.0", "versionEndExcluding": "25.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.1.0", "versionEndExcluding": "26.1.1"}]}]}], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.&nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.</p>"}]}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Michael Heinzl", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32862"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:54.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32862", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T20:31:05.853939Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T20:38:46.087Z"}}], "cna": {"title": "Out-of-Bounds Write in ResFileFactory::InitResourceMgr()", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Michael Heinzl"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NI", "product": "LabVIEW", "versions": [{"status": "affected", "version": "0", "lessThan": "23.0.0", "versionType": "semver"}, {"status": "affected", "version": "23.1.0", "lessThan": "23.3.9", "versionType": "semver"}, {"status": "affected", "version": "24.1.0", "lessThan": "24.3.6", "versionType": "semver"}, {"status": "affected", "version": "25.1.0", "lessThan": "25.3.4", "versionType": "semver"}, {"status": "affected", "version": "26.1.0", "lessThan": "26.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.", "supportingMedia": [{"type": "text/html", "value": "<p>There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.&nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "23.0.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "23.3.9", "versionStartIncluding": "23.1.0"}, {"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "24.3.6", "versionStartIncluding": "24.1.0"}, {"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "25.3.4", "versionStartIncluding": "25.1.0"}, {"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "26.1.1", "versionStartIncluding": "26.1.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2026-04-07T19:50:36.912Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32862", "state": "PUBLISHED", "dateUpdated": "2026-04-08T03:55:54.567Z", "dateReserved": "2026-03-16T20:29:24.841Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2026-04-07T19:50:36.912Z", "assignerShortName": "NI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2E0B40-5E0A-47F8-8A1A-FEF10C1CA4EF", "versionEndIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*", "matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*", "matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*", "matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*", "matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*", "matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*", "matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*", "matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*", "matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*", "matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*", "matchCriteriaId": "90B91B54-D198-4810-8696-33C66EFBCC14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*", "matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*", "matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*", "matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*", "matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*", "matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*", "matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*", "matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*", "matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*", "matchCriteriaId": "68F532A2-A27F-4B45-9F87-271C3F485D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*", "matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*", "matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*", "matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*", "matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*", "matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*", "matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*", "matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*", "matchCriteriaId": "AC216B7F-07E3-449D-A968-12086309661F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*", "matchCriteriaId": "369376E8-F328-4D36-818A-08364E43C2CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."}], "id": "CVE-2026-32862", "lastModified": "2026-04-13T14:54:08.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2026-04-07T20:16:24.883", "references": [{"source": "security@ni.com", "tags": ["Vendor Advisory"], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@ni.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,23.0.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[23.1.0,23.3.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[24.1.0,24.3.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[25.1.0,25.3.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[26.1.0,26.1.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "LabVIEW", "source": "cna", "vendor": "NI"}, "product": "labview", "vendor": "ni"}], "analysis": {"en": {"generated_at": "2026-04-13T16:30:27.578603+00:00", "value": {"mitigation_remediation": ["Download and install the latest NI LabVIEW security update from the National Instruments support website, which patches the out-of-bounds write in ResFileFactory::InitResourceMgr().", "Verify that all LabVIEW instances are upgraded to a patched version before deploying or sharing VI files.", "If a patch cannot be applied immediately, restrict the ability of end-users to open external or untrusted VI files and enforce strict file\u2011source controls."], "summary": {"action": "Immediate Patch", "impact": "Information disclosure or arbitrary code execution"}, "threat_synthesis": {"affected_systems": "National Instruments LabVIEW, versions 2026\u202fQ1 (26.1.0) and all earlier releases. Any installation lacking the corresponding security update is vulnerable.", "description_and_impact": "The file handler ResFileFactory::InitResourceMgr() in NI LabVIEW contains an out-of-bounds write that may corrupt memory. When a user opens a specially crafted VI file, the overflow can leak sensitive data or allow the attacker to execute arbitrary code. This flaw is an example of CWE\u2011787, an out\u2011of\u2011bounds write, which directly compromises confidentiality and integrity.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.5 and an EPSS of less than 1\u202f%, indicating a high severity but a low probability of exploitation in the wild. It is not listed in CISA\u2019s KEV catalog. Successful exploitation requires an end\u2011user to open a malicious VI file, so convincing a user or gaining local access are prerequisites for attacker success."}}}}, "created": "2026-04-08T19:34:32.959795+00:00", "updated": "2026-04-14T16:40:50.644161+00:00", "vendors": ["ni", "ni$PRODUCT$labview"]}