What is the CVSS score of CVE-2026-0954?

CVE-2026-0954 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Dasylab are affected by CVE-2026-0954?

CVE-2026-0954 is a high-severity vulnerability affecting all versions of Digilent DASYLab that could allow attackers to execute arbitrary code or steal sensitive data if users open malicious files.

How to fix or mitigate CVE-2026-0954?

Within 24 hours: Identify all systems running DASYLab and restrict file access permissions to limit .DSB file exposure; notify users to avoid opening files from untrusted sources. Within 7 days: Implement file type restrictions at email gateways and endpoints to block or quarantine .DSB files; segment DASYLab systems from critical infrastructure where possible. Within 30 days: Monitor vendor advisories for patch availability and prepare deployment plan; conduct risk assessment to determine if alternative software or offline operation mode is feasible for high-risk deployments.

Dasylab CVE-2026-0954

EUVD-2026-12035 HIGH

Out-of-bounds Write (CWE-787)

2026-03-13 NI

Buffer Overflow Information Disclosure RCE Memory Corruption Dasylab

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-12035

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

CVE Published

Mar 13, 2026 - 14:31 nvd

HIGH 7.8

DescriptionCVE.org

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.

AnalysisAI

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that allows attackers to achieve arbitrary code execution or information disclosure by tricking users into opening malicious .DSB files. With a CVSS score of 7.8 and requiring only user interaction, this out-of-bounds write vulnerability poses significant risk, though no active exploitation or public POCs have been reported.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious DSB file

Delivery

Deliver file to target user

Exploit

User opens DSB in DASYLab

Execution

Out-of-bounds write triggered

Impact

Arbitrary code execution

Access

Craft malicious DSB file

Delivery

Deliver file to target user

Exploit

User opens DSB in DASYLab

Execution

Out-of-bounds write triggered

Impact

Arbitrary code execution

Vulnerability AssessmentAI

Exploitation	User must open a specially crafted .DSB file in Digilent DASYLab. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	While the CVSS 7.8 score indicates high severity, real-world exploitation risk appears moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker crafts a malicious .DSB file containing oversized or malformed data structures that trigger the out-of-bounds write when loaded. The corrupted file could be delivered via spear-phishing email targeting engineers or researchers, disguised as legitimate project data. …
Remediation	As of the advisory date, no patches are available for any DASYLab version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running DASYLab and restrict file access permissions to limit .DSB file exposure; notify users to avoid opening files from untrusted sources. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-0954 vulnerability details – vuln.today

Back

Dasylab CVE-2026-0954

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code