Skip to main content

NI-PAL CVE-2026-8036

| EUVDEUVD-2026-33992 HIGH
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285)
2026-06-02 NI GHSA-ghx9-cc3j-7qrg
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jun 02, 2026 - 20:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 02, 2026 - 20:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 02, 2026 - 20:22 vuln.today
cvss_changed
CVSS changed
Jun 02, 2026 - 20:22 NVD
7.1 (HIGH) 8.4 (HIGH)
Analysis Generated
Jun 02, 2026 - 20:20 vuln.today
CVE Published
Jun 02, 2026 - 17:26 nvd
HIGH 7.1

DescriptionCVE.org

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.

AnalysisAI

Local privilege escalation in National Instruments NI-PAL versions 26.3.0 and earlier on Windows and Linux allows authenticated low-privileged users to read arbitrary system memory through improper input validation, potentially leading to full privilege escalation. CVSS 4.0 base score is 8.4 (High) reflecting the local attack vector but high confidentiality and integrity impact. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Technical ContextAI

NI-PAL is the Platform Abstraction Layer used by National Instruments software stacks (including LabVIEW, DAQmx, and other measurement/automation tooling) to mediate hardware and OS-level operations across Windows and Linux. The root cause is CWE-1285 (Improper Validation of Specified Index, Position, or Offset in Input), meaning the component accepts an index/offset/pointer value from a caller and uses it to read or address memory without sufficient bounds checks. Because PAL components frequently expose IOCTL-style interfaces, kernel drivers, or privileged user-mode services to lower-privileged callers, an unchecked offset allows the privileged side to be coerced into reading attacker-chosen kernel or process memory regions, which is the standard primitive used to leak credentials, tokens, or kernel pointers needed for full LPE. The affected CPE is cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:*.

RemediationAI

Patch available per vendor advisory: upgrade NI-PAL to the fixed release identified in NI's security bulletin at https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html (an exact post-26.3.0 fixed version is not independently confirmed in the data provided, so verify the version string against the NI advisory before deployment). Because the vulnerability requires local authenticated access, compensating controls until patching is complete include restricting interactive and remote-shell logon to NI engineering workstations to a small set of trusted operators, removing local administrator rights from standard NI software users, disabling unattended/shared login sessions on lab machines, and using application allow-listing (WDAC/AppLocker on Windows, SELinux/AppArmor on Linux) to prevent untrusted binaries from invoking the NI-PAL interface; the trade-off is operational friction for technicians who normally run ad-hoc scripts against NI hardware. Monitor process creation and driver-loading telemetry on hosts running NI software for unexpected children of NI service processes as a detection backstop.

Share

CVE-2026-8036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy