Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
AnalysisAI
Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or information disclosure when users open malicious VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity reflects high impact potential, though exploitation requires user interaction to open a crafted file. No public exploit identified at time of analysis, with EPSS data unavailable for this recently assigned CVE. Local attack vector limits remote exploitation scenarios.
Technical ContextAI
This vulnerability stems from an out-of-bounds write (CWE-787) in the ResFileFactory::InitResourceMgr() function within NI LabVIEW's resource file handling subsystem. LabVIEW VI (Virtual Instrument) files contain executable graphical code and embedded resources that must be parsed and initialized when opened. The ResFileFactory component manages resource initialization during VI file loading. The out-of-bounds write occurs during this initialization process, allowing memory corruption beyond allocated buffer boundaries. This class of vulnerability typically arises from insufficient bounds checking when processing untrusted file data structures, particularly during deserialization or resource allocation operations. The CPE identifier cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:* indicates all LabVIEW versions through 26.1.0 contain vulnerable code in this resource management component, suggesting a long-standing architectural issue rather than a recent regression.
RemediationAI
Users should upgrade to the patched version of NI LabVIEW specified in the vendor security advisory at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html. The advisory title references memory corruption vulnerabilities (plural), suggesting multiple fixes may be bundled in the security update. Until patching is complete, organizations should implement defense-in-depth controls: restrict VI file sources to trusted repositories only, implement application whitelisting to prevent unauthorized LabVIEW file execution, and educate users about the risks of opening VI files from untrusted sources or email attachments. Network segmentation can limit lateral movement if exploitation occurs in air-gapped or OT environments where LabVIEW commonly operates. Consider file integrity monitoring for VI files in production environments to detect unauthorized modifications. For legacy systems unable to upgrade immediately, disable unnecessary file format handlers and restrict file system permissions to minimize attack surface.
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result
Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disc
Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disc
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19903
GHSA-2hvj-57fv-jjcc