CVE-2026-0955
Out-of-Bounds Read in Digilent DASYLab Enables Code Execution
Publication date: 2026-03-13
Last updated on: 2026-03-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | dasylab | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0955 is a memory corruption vulnerability in Digilent DASYLab caused by an out-of-bounds read when loading a corrupted file.
This vulnerability occurs during the parsing of user files and can lead to information disclosure or arbitrary code execution if exploited.
Exploitation requires a user to open a specially crafted DASYLab file, and it is not remotely exploitable.
How can this vulnerability impact me? :
If exploited, this vulnerability can result in information disclosure or allow an attacker to execute arbitrary code on the affected system.
Because exploitation requires local access and user interaction (opening a malicious file), the attacker must convince a user to open a specially crafted file.
The impact is considered high severity, with potential compromise of confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when a specially crafted DASYLab file is opened, causing an out-of-bounds read during file parsing. Since exploitation requires local user interaction and opening a malicious file, detection on a network or system would primarily involve monitoring for the opening or presence of suspicious or untrusted DASYLab files.
No specific detection commands or tools are provided in the available information. Users should focus on identifying and preventing the opening of untrusted or unknown DASYLab files.
What immediate steps should I take to mitigate this vulnerability?
Since no fixes are currently available for this vulnerability, the immediate mitigation steps are to avoid opening DASYLab files from untrusted or unknown sources.
Maintaining good cybersecurity practices, such as user education about the risks of opening suspicious files and restricting access to potentially malicious files, is strongly advised.