Plattform
windows
Komponente
ni-labview
Behoben in
23.0.0
23.3.9
24.3.6
25.3.4
26.1.1
CVE-2026-32862 describes a memory corruption vulnerability discovered in NI LabVIEW, specifically within the ResFileFactory::InitResourceMgr() function. This flaw allows for an out-of-bounds write, potentially leading to information disclosure or even arbitrary code execution if exploited. The vulnerability impacts NI LabVIEW versions 2026 Q1 (26.1.0) and earlier releases; however, a patch is available in version 26.1.1.
A memory corruption vulnerability has been identified in NI LabVIEW, specifically within the ResFileFactory::InitResourceMgr() function. This vulnerability, carrying a CVSS score of 7.8, could potentially allow an attacker to disclose information or achieve arbitrary code execution. The root cause is an out-of-bounds write, which can be exploited if a user opens a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. The severity of this vulnerability necessitates prompt attention to protect systems utilizing LabVIEW.
Exploitation of this vulnerability requires an attacker to trick a user into opening a malicious VI file. This file is engineered to leverage the vulnerability in ResFileFactory::InitResourceMgr(). Once the file is opened, the attacker could potentially read confidential information from memory or execute malicious code. The risk is particularly elevated in environments where users open files from external sources without proper verification. The complexity of exploitation is not extremely high, making it a significant concern.
Exploit-Status
EPSS
0.02% (5% Perzentil)
CISA SSVC
CVSS-Vektor
The recommended mitigation for this vulnerability is to update to NI LabVIEW version 26.1.1 or later. This update incorporates the necessary fixes to address the out-of-bounds write. In the interim, as a preventative measure, avoid opening VI files from unknown or untrusted sources. Furthermore, maintaining an updated operating system and other applications is crucial to reduce the attack surface. Upgrading to the latest LabVIEW version is the most effective way to protect against this vulnerability.
Actualice a NI LabVIEW versión 26.1.1 o posterior para mitigar la vulnerabilidad de corrupción de memoria. Descargue la actualización desde el sitio web de soporte de NI. Asegúrese de aplicar todas las actualizaciones de seguridad relevantes para su versión de LabVIEW.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
A VI file is the primary file format used by LabVIEW to store programs and projects. It contains the source code, data, and configuration of the program.
If you are using NI LabVIEW 2026 Q1 (26.1.0) or an earlier version, you are likely affected. Check your LabVIEW version under 'Help' -> 'About LabVIEW'.
As a temporary measure, avoid opening VI files from unknown or untrusted sources. Consider implementing additional security controls, such as scanning attachments with antivirus software.
No, there is currently no specific KEV published for this vulnerability.
CVSS (Common Vulnerability Scoring System) is a standard for assessing the severity of vulnerabilities. A score of 7.8 indicates a 'High' risk vulnerability.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.