Description
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Published: 2026-04-07
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure or arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

The file handler ResFileFactory::InitResourceMgr() in NI LabVIEW contains an out-of-bounds write that may corrupt memory. When a user opens a specially crafted VI file, the overflow can leak sensitive data or allow the attacker to execute arbitrary code. This flaw is an example of CWE‑787, an out‑of‑bounds write, which directly compromises confidentiality and integrity.

Affected Systems

National Instruments LabVIEW, versions 2026 Q1 (26.1.0) and all earlier releases. Any installation lacking the corresponding security update is vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5 and an EPSS of less than 1 %, indicating a high severity but a low probability of exploitation in the wild. It is not listed in CISA’s KEV catalog. Successful exploitation requires an end‑user to open a malicious VI file, so convincing a user or gaining local access are prerequisites for attacker success.

Generated by OpenCVE AI on April 13, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest NI LabVIEW security update from the National Instruments support website, which patches the out-of-bounds write in ResFileFactory::InitResourceMgr().
  • Verify that all LabVIEW instances are upgraded to a patched version before deploying or sharing VI files.
  • If a patch cannot be applied immediately, restrict the ability of end-users to open external or untrusted VI files and enforce strict file‑source controls.

Generated by OpenCVE AI on April 13, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*

Tue, 07 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Title Out-of-Bounds Write in ResFileFactory::InitResourceMgr()
First Time appeared Ni
Ni labview
Weaknesses CWE-787
CPEs cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
Vendors & Products Ni
Ni labview
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ni Labview
cve-icon MITRE

Status: PUBLISHED

Assigner: NI

Published:

Updated: 2026-04-08T03:55:54.567Z

Reserved: 2026-03-16T20:29:24.841Z

Link: CVE-2026-32862

cve-icon Vulnrichment

Updated: 2026-04-07T20:38:46.087Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T20:16:24.883

Modified: 2026-04-13T14:54:08.713

Link: CVE-2026-32862

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:40:50Z

Weaknesses