ZDI 2026-04-15

ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

CVE-2026-32861

Machine-generated analysis · WAYSCloud LLM

The vulnerability affects NI LabVIEW during LVCLASS file parsing, leading to memory corruption.

Context

NI LabVIEW is affected by a memory corruption vulnerability when parsing LVCLASS files. The vulnerability can be exploited remotely if a user opens a malicious file or visits a malicious page. The advisory notes user interaction is required for exploitation. Worth noting, the CVSS score is 7.8, indicating a medium to high severity impact.

Operator considerations

Check: Verify if NI LabVIEW is installed and used in environments where users may open untrusted files.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-32861.

Read the full advisory on ZDI →