CVE-2026-32863
Out-of-Bounds Read in NI LabVIEW Causes Code Execution Risk
Publication date: 2026-04-07
Last updated on: 2026-04-13
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | 2024 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | to 2022 (inc) |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2026 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can have serious impacts including unauthorized disclosure of sensitive information and the potential for arbitrary code execution.
If exploited, an attacker could gain control over the affected system or access confidential data, which could lead to further compromise or damage.
Successful exploitation requires user interaction, specifically opening a malicious VI file.
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue caused by an out-of-bounds read in the function sentry_transaction_context_set_operation() within NI LabVIEW. It occurs when the software reads data outside the allocated memory bounds, which can lead to unexpected behavior.
To exploit this vulnerability, an attacker needs to trick a user into opening a specially crafted VI file. If successful, the attacker could cause information disclosure or execute arbitrary code on the affected system.
This issue affects NI LabVIEW version 2026 Q1 (26.1.0) and all prior versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability may result in information disclosure or arbitrary code execution due to a memory corruption issue in NI LabVIEW. Such information disclosure could potentially impact compliance with data protection regulations like GDPR or HIPAA if sensitive data is exposed.
However, the provided information does not explicitly describe the direct impact on compliance with common standards and regulations.