Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
AnalysisAI
Local denial of service in NI's NI-PAL kernel driver (versions 26.3.0 and prior on Windows and Linux) allows an authenticated local user to crash the host system by sending malformed input that triggers a NULL pointer dereference in kernel space. No public exploit identified at time of analysis, but the kernel-level impact means a successful trigger takes down the entire host, not just the driver process. The issue is vendor-disclosed by NI with an advisory published on ni.com.
Technical ContextAI
NI-PAL (NI Platform Abstraction Layer) is a low-level kernel-mode component distributed by National Instruments that provides hardware abstraction services used by NI's measurement, automation, and DAQ software stacks on both Windows and Linux. Because it runs as a kernel driver, input passed from user-mode (typically via IOCTL or device-file interfaces) crosses a privilege boundary and must be rigorously validated. The root cause is CWE-476 (NULL Pointer Dereference): the driver fails to validate a pointer field - likely an input buffer, handle, or structure member supplied from user space - before dereferencing it inside the kernel, producing a kernel-mode fault (BSOD on Windows, kernel oops/panic on Linux). The CPE cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:* covers all NI-PAL builds up to and including 26.3.0.
RemediationAI
Patch available per vendor advisory - consult the NI security bulletin at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html for the fixed NI-PAL build and apply it via NI Package Manager or the platform's standard update mechanism on every Windows and Linux host running NI software. Until patching is complete, restrict interactive and remote login access to systems running NI-PAL to trusted operators only (the vulnerability requires a local authenticated session), and on shared lab or test-rig hosts consider removing non-essential user accounts or enforcing dedicated single-user operation; note this reduces flexibility for multi-team labs. As a defense-in-depth measure, ensure crash dumps are collected and monitored so any exploitation attempt is detected, and rebuild/reboot procedures are documented since recovery requires a full host restart.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33991
GHSA-5rw2-422p-gwxr