There is a file parsing memory corruption vulnerability due to an out-of-bounds write recently discovered in NI LabVIEW that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted LV class (.lvclass) file. This vulnerability affects NI LabVIEW 2026 Q1 and prior versions.
This vulnerability is identified as CVE-2026-32861.
NI strongly recommends upgrading the affected software to mitigate these vulnerabilities. Refer to the Affected Products section for information on upgrading these products.
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.
NI would like to thank Rocco Calvi (@TecR0c) with TecSecurity working with TrendAI Zero Day Initiative for reporting this issue and working with us on coordinated disclosure.
| Product Version | Mitigation |
|---|---|
| LabVIEW 2026 | Upgrade to LabVIEW 2026 Q1 Patch 1 or later from NI Package Manager or Software Downloads |
| LabVIEW 2025 | Upgrade to LabVIEW 2025 Q3 Patch 4 or later from NI Package Manager or Software Downloads |
| LabVIEW 2024 | Upgrade to LabVIEW 2024 Q3 Patch 6 or later from NI Package Manager or Software Downloads |
| LabVIEW 2023 | Upgrade to LabVIEW 2023 Q3 Patch 9 or later from NI Package Manager or Software Downloads |
| LabVIEW 2022 and prior | Not in Mainstream Support |