Platform: c
Component: mgcore
Fixed in: 23.0.0, 23.3.9, 24.3.6, 25.3.4, 26.1.1
CVE-2026-32864 describes a memory corruption vulnerability discovered in NI LabVIEW, stemming from an out-of-bounds read within the mgcoreSH253!aligned_free() function. Successful exploitation could allow an attacker to achieve information disclosure or even arbitrary code execution. This vulnerability impacts NI LabVIEW versions 0 through 26.1.1, and a fix is available in version 26.1.1.
The core of this vulnerability lies in an out-of-bounds read, a common root cause for memory corruption issues. An attacker can exploit this by crafting a malicious VI (Virtual Instrument) file. When a user opens this specially crafted file within a vulnerable NI LabVIEW installation, the flawed aligned_free() function is triggered, potentially leading to the disclosure of sensitive information stored in memory. In a worst-case scenario, the attacker could leverage this memory corruption to inject and execute arbitrary code, effectively gaining control of the affected system. The attack surface is broad, as any user who opens a malicious VI file is potentially at risk, making it a significant concern for organizations relying on NI LabVIEW for data acquisition and automation.
CVE-2026-32864 was publicly disclosed on April 7, 2026. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept (POC) code is not yet available, but the vulnerability's nature (memory corruption via file parsing) suggests it could be relatively straightforward to develop an exploit. The potential for arbitrary code execution elevates the risk profile, warranting prompt patching.
Exploit Status
EPSS: 0.02% (4% percentile)
The primary mitigation for CVE-2026-32864 is to upgrade to NI LabVIEW version 26.1.1 or later, which contains the necessary fix. If an immediate upgrade is not feasible, consider implementing stricter file access controls to prevent users from opening untrusted VI files. Network segmentation can limit the potential blast radius if the system is compromised. While a WAF is unlikely to be effective against this type of file-based attack, careful monitoring of file uploads and execution patterns within LabVIEW could provide early warning signs. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual memory access patterns during VI file execution could be beneficial.
Update to NI LabVIEW 2026 Q1 (26.1.1) or later to mitigate this vulnerability. The update corrects the out-of-bounds read in the aligned_free() function. See the NI security page for more details and installation instructions.
CVE-2026-32864 is a HIGH severity vulnerability in NI LabVIEW versions 0–26.1.1. It's a memory corruption issue caused by an out-of-bounds read, potentially leading to information disclosure or code execution when a malicious VI file is opened.
If you are using NI LabVIEW versions 0 through 26.1.1, you are potentially affected. Upgrade to version 26.1.1 or later to mitigate the risk.
The recommended fix is to upgrade to NI LabVIEW version 26.1.1 or a later version that includes the security patch. Consider stricter file access controls as an interim measure.
As of now, there is no confirmed evidence of active exploitation, but the potential for arbitrary code execution warrants vigilance and prompt patching.
Please refer to the National Instruments security advisories page for the latest information and official guidance regarding CVE-2026-32864.