Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
AnalysisAI
Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disclosure or arbitrary code execution when users open maliciously crafted VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity stems from local attack vector requiring user interaction but no authentication. No public exploit identified at time of analysis, though the vendor advisory confirms the vulnerability's existence and technical details.
Technical ContextAI
This vulnerability resides in the mgcore_SH_25_3 module's aligned_free() function within NI LabVIEW, specifically classified as CWE-125 (Out-of-bounds Read). The flaw occurs during memory deallocation operations when processing LabVIEW Virtual Instrument (VI) files-the proprietary file format for LabVIEW programs containing graphical code, data flow diagrams, and embedded resources. Out-of-bounds read vulnerabilities allow attackers to access memory locations beyond allocated buffers, potentially leaking sensitive information from adjacent memory regions or triggering memory corruption that leads to code execution. The mgcore_SH_25_3 component likely handles core graphics or data structure management, making it critical to VI file parsing. The vulnerability affects the entire LabVIEW product line through version 26.1.0 per the CPE identifier cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*, indicating widespread exposure across National Instruments' engineering and scientific computing platform.
RemediationAI
Organizations should immediately upgrade to the patched version specified in the National Instruments security advisory available at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html, which addresses this memory corruption vulnerability. The exact fixed version number is available through the vendor advisory link. As an interim mitigation where immediate patching is not feasible, organizations should implement strict controls on VI file sources-prohibiting execution of VI files from untrusted origins, email attachments, or unverified collaboration platforms. Application whitelisting and user awareness training to prevent opening suspicious VI files provide defense-in-depth layers. Network segmentation isolating LabVIEW systems from internet-facing endpoints reduces social engineering attack surface. Organizations should inventory all LabVIEW installations to identify affected versions 26.1.0 and earlier, prioritizing systems processing external VI files or deployed in sensitive engineering environments.
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result
Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv
Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or informat
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disc
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19908