High severity7.8NVD Advisory· Published Apr 7, 2026· Updated Apr 13, 2026
CVE-2026-32861
CVE-2026-32861
Description
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
30cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*range: <=2022
- cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2023:q3_patch8:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2024:q3_patch5:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2025:q3_patch3:*:*:*:*:*:*
- cpe:2.3:a:ni:labview:2026:q1:*:*:*:*:*:*
- (no CPE)range: <=26.1.0
Patches
Vulnerability mechanics
References
1News mentions
1- ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution VulnerabilityZero Day Initiative · Apr 15, 2026