Platform: c
Component: ni-labview
Fixed in: 23.0.0, 23.3.9, 24.3.6, 25.3.4, 26.1.1
CVE-2026-32863 describes a memory corruption vulnerability affecting National Instruments (NI) LabVIEW. This flaw stems from an out-of-bounds read within the sentrytransactioncontextsetoperation() function, potentially allowing an attacker to achieve information disclosure or even arbitrary code execution. The vulnerability impacts versions of NI LabVIEW from 0.0.0 through 26.1.1, and a fix is available in version 26.1.1.
Successful exploitation of CVE-2026-32863 requires an attacker to trick a user into opening a specially crafted VI (Virtual Instrument) file. Upon execution, the malicious VI triggers the out-of-bounds read, potentially exposing sensitive information stored in memory. More critically, an attacker could leverage this vulnerability to execute arbitrary code on the affected system, gaining complete control. The potential impact is significant, particularly in environments where LabVIEW is used for critical automation or data acquisition tasks. The ability to execute arbitrary code allows for complete system compromise, including data theft, modification, and denial of service. While no specific real-world exploitation has been publicly reported, the potential for remote code execution makes this a high-priority vulnerability.
CVE-2026-32863 was publicly disclosed on April 7, 2026. Its severity is rated as HIGH (CVSS 7.8). As of this writing, the vulnerability is not listed on the CISA KEV catalog. No public proof-of-concept (PoC) exploits have been released, but the potential for arbitrary code execution suggests a moderate probability of exploitation if a PoC is developed. The reliance on user interaction (opening a malicious file) is a mitigating factor, but social engineering techniques could be used to persuade a user to open the file.
Exploit Status
EPSS: 0.02% (4% percentile)
The primary mitigation for CVE-2026-32863 is to upgrade to NI LabVIEW version 26.1.1 or later, which contains the fix for the out-of-bounds read vulnerability. If upgrading immediately is not feasible, consider restricting the execution of VI files from untrusted sources. Implement strict file access controls to prevent unauthorized users from placing malicious VI files in locations where they can be executed. Network segmentation can also limit the potential blast radius of a successful attack. While a WAF or proxy cannot directly mitigate this vulnerability, they can be configured to block suspicious file uploads or network traffic associated with known exploit attempts. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual process activity related to LabVIEW execution is recommended.
Update to NI LabVIEW version 26.1.1 or later to mitigate the memory corruption vulnerability. Download the update from the NI support website. Ensure you apply all relevant security updates for your version of LabVIEW.
CVE-2026-32863 is a HIGH severity memory corruption vulnerability in NI LabVIEW versions 0.0.0–26.1.1. An out-of-bounds read can lead to information disclosure or arbitrary code execution via a crafted VI file.
If you are using NI LabVIEW versions 0.0.0 through 26.1.1, you are potentially affected by this vulnerability. Upgrade to version 26.1.1 or later to mitigate the risk.
The recommended fix is to upgrade to NI LabVIEW version 26.1.1 or a later version. If immediate upgrade is not possible, restrict execution of VI files from untrusted sources.
As of now, there are no confirmed reports of active exploitation of CVE-2026-32863, but the potential for arbitrary code execution warrants caution.
Please refer to the National Instruments security advisory page for the latest information and updates regarding CVE-2026-32863: https://www.ni.com/en-us/shop/security/security-advisories.html