Home
HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HHIGH: 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version before 23.0.0
affected
23.1.0 (semver) before 23.3.9
affected
24.1.0 (semver) before 24.3.6
affected
25.1.0 (semver) before 25.3.4
affected
26.1.0 (semver) before 26.1.1
affected
Description
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
Problem types
Product status
Any version before 23.0.0
23.1.0 (semver) before 23.3.9
24.1.0 (semver) before 24.3.6
25.1.0 (semver) before 25.3.4
26.1.0 (semver) before 26.1.1
Credits
Rocco Calvi (@TecR0c) with TecSecurity
TrendAI Zero Day Initiative
References
www.ni.com/...ry-corruption-vulnerability-in-ni-labview.html