Skip to main content

Dasylab EUVD-2026-12035

| CVE-2026-0954 HIGH
Out-of-bounds Write (CWE-787)
2026-03-13 NI
Buffer Overflow Information Disclosure RCE Memory Corruption Dasylab
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-12035
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 14:31 nvd
HIGH 7.8

DescriptionCVE.org

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DSB file. This vulnerability affects all versions of Digilent DASYLab.

AnalysisAI

Memory corruption vulnerability in all versions of Digilent DASYLab data acquisition software that allows attackers to achieve arbitrary code execution or information disclosure by tricking users into opening malicious .DSB files. With a CVSS score of 7.8 and requiring only user interaction, this out-of-bounds write vulnerability poses significant risk, though no active exploitation or public POCs have been reported.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious DSB file
Delivery
Deliver file to target user
Exploit
User opens DSB in DASYLab
Execution
Out-of-bounds write triggered
Impact
Arbitrary code execution
Sign in to reveal

Vulnerability AssessmentAI

Exploitation User must open a specially crafted .DSB file in Digilent DASYLab. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment While the CVSS 7.8 score indicates high severity, real-world exploitation risk appears moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious .DSB file containing oversized or malformed data structures that trigger the out-of-bounds write when loaded. The corrupted file could be delivered via spear-phishing email targeting engineers or researchers, disguised as legitimate project data. …
Remediation As of the advisory date, no patches are available for any DASYLab version. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running DASYLab and restrict file access permissions to limit .DSB file exposure; notify users to avoid opening files from untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-12035 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy