CVE-2026-0954
Out-of-Bounds Write in Digilent DASYLab Enables Code Execution
Publication date: 2026-03-13
Last updated on: 2026-03-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | dasylab | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0954 is a memory corruption vulnerability in Digilent DASYLab software caused by an out-of-bounds write when loading a corrupted .DSB file.
This means that when the software parses a specially crafted DASYLab file, it writes data outside the intended memory boundaries, which can corrupt memory.
Exploitation requires a user to open a malicious .DSB file, leading to potential information disclosure or arbitrary code execution.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to disclose sensitive information or execute arbitrary code on the affected system.
However, exploitation requires local user interaction, meaning the attacker must convince a user to open a malicious file.
There is no remote exploitation possible, but successful exploitation could compromise confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network/system scanning methods provided for this vulnerability. Detection primarily involves identifying if users have opened specially crafted .DSB files in Digilent DASYLab, as exploitation requires local user interaction.
Since the vulnerability occurs when loading corrupted DSB files, monitoring for suspicious or unexpected .DSB file usage or scanning for such files from untrusted sources may help in detection.
What immediate steps should I take to mitigate this vulnerability?
There are no available fixes for this vulnerability at this time.
Immediate mitigation steps include avoiding opening .DSB files from untrusted or unknown sources and maintaining good cybersecurity practices to prevent exploitation.