Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
AnalysisAI
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open a specially crafted .lvlib project library file (CVSS 8.5, AV:L/PR:N/UI:P). No public exploit identified at time of analysis. EPSS data not available, but the local attack vector and user interaction requirement significantly limit immediate mass exploitation risk despite high CVSS score.
Technical ContextAI
This vulnerability stems from CWE-787 (Out-of-bounds Write) in NI LabVIEW's .lvlib file parser. LVLIB files are LabVIEW project library files containing references to VIs (Virtual Instruments) and project metadata. The out-of-bounds write occurs during parsing of malformed LVLIB file structures, allowing memory corruption beyond allocated buffer boundaries. This classic memory safety flaw in native code can overwrite adjacent memory regions, potentially hijacking control flow or leaking sensitive data from process memory. The affected CPE (cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*) indicates all LabVIEW versions through 2026 Q1 (26.1.0) contain vulnerable parsing code, suggesting a long-standing implementation issue in the LVLIB file format handler rather than a recent regression.
RemediationAI
Patch available per vendor advisory at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-project-library-file-parsing-memory-corruption-vulnerability-in-ni-labview.html, though the specific fixed version number is not confirmed from available data. Organizations should immediately consult the NI security advisory to identify and deploy the recommended LabVIEW update that addresses the LVLIB parsing flaw. As an interim mitigation until patching is complete, implement strict controls on LVLIB file sources: prohibit opening project library files from untrusted origins, scan email attachments for .lvlib extensions, and educate LabVIEW users about the risks of opening unsolicited project files. Consider application whitelisting or file type blocking at email gateways to prevent delivery of potentially malicious LVLIB files. For air-gapped or legacy LabVIEW systems where immediate patching is not feasible, restrict LVLIB file operations to known-good project repositories with integrity verification.
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result
Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disc
Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv
Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or informat
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disc
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19899
GHSA-xrvx-v68m-344q