CVE-2026-32864

EUVD-2026-19908
There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NICNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nilabview
𝑥
< 23.0.0
CNA
nilabview
23.1.0 ≤
𝑥
< 23.3.9
CNA
nilabview
24.1.0 ≤
𝑥
< 24.3.6
CNA
nilabview
25.1.0 ≤
𝑥
< 25.3.4
CNA
nilabview
26.1.0 ≤
𝑥
< 26.1.1
CNA
Common Weakness Enumeration
References
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html