Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    203 vulnerabilities by NI

    CVE-2026-9143 (GCVE-0-2026-9143)

    Vulnerability from nvd – Published: 2026-06-19 13:48 – Updated: 2026-06-22 19:33
    VLAI
    Title
    Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen
    Summary
    There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen.  This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-681 - Incorrect conversion between numeric types
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9143",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:32:48.323003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:33:04.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in\u0026nbsp;\u003cspan\u003eCodeGen.\u003c/span\u003e\u003cspan\u003e\u0026nbsp; \u003c/span\u003e\u003cspan\u003eThis may silently discard high bits if a size value exceeded the target type\u0027s range. This affects NI grpc-device 2.17.0 and prior versions.\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in\u00a0CodeGen.\u00a0 This may silently discard high bits if a size value exceeded the target type\u0027s range. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-128",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-128 Integer Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-681",
                  "description": "CWE-681 Incorrect conversion between numeric types",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:48:44.874Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-rhh6-fvjv-8m84"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9143",
        "datePublished": "2026-06-19T13:48:44.874Z",
        "dateReserved": "2026-05-20T19:52:00.357Z",
        "dateUpdated": "2026-06-22T19:33:04.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9142 (GCVE-0-2026-9142)

    Vulnerability from nvd – Published: 2026-06-19 13:41 – Updated: 2026-06-22 19:29
    VLAI
    Title
    Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
    Summary
    There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:29:24.594424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:29:31.269Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u0026nbsp; This may allow an unauthenticated user access to the server on the local network.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u00a0 This may allow an unauthenticated user access to the server on the local network.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:41:26.730Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9142",
        "datePublished": "2026-06-19T13:41:26.730Z",
        "dateReserved": "2026-05-20T19:51:58.847Z",
        "dateUpdated": "2026-06-22T19:29:31.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48141 (GCVE-0-2026-48141)

    Vulnerability from nvd – Published: 2026-06-19 13:37 – Updated: 2026-06-22 19:28
    VLAI
    Title
    Memory leak in NI grpc-device BeginSidebandStream
    Summary
    There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:28:34.889070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:28:43.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:37:50.361Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-j4qc-5v3f-rf87"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory leak in NI grpc-device BeginSidebandStream",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48141",
        "datePublished": "2026-06-19T13:37:50.361Z",
        "dateReserved": "2026-05-20T19:51:56.936Z",
        "dateUpdated": "2026-06-22T19:28:43.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48140 (GCVE-0-2026-48140)

    Vulnerability from nvd – Published: 2026-06-19 13:32 – Updated: 2026-06-22 16:37
    VLAI
    Title
    Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream
    Summary
    There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-704 - Incorrect Type Conversion or Cast
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:35:45.846676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:37:50.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-704",
                  "description": "CWE-704 Incorrect Type Conversion or Cast",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:32:18.095Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-prfr-q8h3-mqxv"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48140",
        "datePublished": "2026-06-19T13:32:18.095Z",
        "dateReserved": "2026-05-20T19:51:56.936Z",
        "dateUpdated": "2026-06-22T16:37:50.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48139 (GCVE-0-2026-48139)

    Vulnerability from nvd – Published: 2026-06-19 13:22 – Updated: 2026-06-22 17:31
    VLAI
    Title
    NULL pointer dereference vulnerability in NI grpc-device data moniker service
    Summary
    There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:31:14.124099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:31:28.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u0026nbsp; Successful exploitation requires an attacker to provide an unknown\u0026nbsp;value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions. \u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u00a0 Successful exploitation requires an attacker to provide an unknown\u00a0value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:22:32.462Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-7vg9-5c74-289x"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "NULL pointer dereference vulnerability in NI grpc-device data moniker service",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48139",
        "datePublished": "2026-06-19T13:22:32.462Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T17:31:28.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48138 (GCVE-0-2026-48138)

    Vulnerability from nvd – Published: 2026-06-19 13:16 – Updated: 2026-06-22 16:14
    VLAI
    Title
    Out-of-bounds read vulnerability in the NI grpc-device streaming API
    Summary
    There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:14:00.484448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:14:14.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:16:03.969Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-8rjh-429j-f6gw"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in the NI grpc-device streaming API",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48138",
        "datePublished": "2026-06-19T13:16:03.969Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T16:14:14.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48137 (GCVE-0-2026-48137)

    Vulnerability from nvd – Published: 2026-06-19 13:05 – Updated: 2026-06-22 16:15
    VLAI
    Title
    Untrusted pointer dereference in NI grpc-device sideband streaming API
    Summary
    There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:14:49.401117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:15:01.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.\u0026nbsp; Successful exploitation requires an attacker\u0026nbsp; to supply a specially crafted\u0026nbsp;Moniker protobuf message.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.\u00a0 Successful exploitation requires an attacker\u00a0 to supply a specially crafted\u00a0Moniker protobuf message.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:18:09.580Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-ww59-ghm9-mm63"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted pointer dereference in NI grpc-device sideband streaming API",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48137",
        "datePublished": "2026-06-19T13:05:24.339Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T16:15:01.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8036 (GCVE-0-2026-8036)

    Vulnerability from nvd – Published: 2026-06-02 17:26 – Updated: 2026-06-04 03:55
    VLAI
    Title
    Local privilege escalation in NI-PAL
    Summary
    Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1285 - Improper validation of specified index, position, or offset in input
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI NI-PAL Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Patrick Saif (@weezerOSINT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T03:55:47.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NI-PAL",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patrick Saif (@weezerOSINT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1285",
                  "description": "CWE-1285 Improper validation of specified index, position, or offset in input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T17:26:18.893Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in NI-PAL",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-8036",
        "datePublished": "2026-06-02T17:26:18.893Z",
        "dateReserved": "2026-05-06T13:33:43.716Z",
        "dateUpdated": "2026-06-04T03:55:47.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8035 (GCVE-0-2026-8035)

    Vulnerability from nvd – Published: 2026-06-02 17:22 – Updated: 2026-06-03 14:08
    VLAI
    Title
    NULL pointer dereference in NI-PAL
    Summary
    Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI NI-PAL Affected: 0 , ≤ 26.3.0 (semverImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by)
    Create a notification for this product.
    Credits
    Patrick Saif (@weezerOSINT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:04:30.319296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:08:44.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NI-PAL",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semverImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patrick Saif (@weezerOSINT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T17:22:07.870Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "NULL pointer dereference in NI-PAL",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-8035",
        "datePublished": "2026-06-02T17:22:07.870Z",
        "dateReserved": "2026-05-06T13:33:43.142Z",
        "dateUpdated": "2026-06-03T14:08:44.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9051 (GCVE-0-2026-9051)

    Vulnerability from nvd – Published: 2026-05-29 18:04 – Updated: 2026-05-29 18:45
    VLAI
    Title
    Authentication Bypass Vulnerability in NI SystemLink Enterprise
    Summary
    There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires an attacker to send a specially crafted HTTP request.  This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Enterprise Affected: 0 , ≤ 2026-04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T18:45:46.466575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T18:45:55.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SystemLink Enterprise",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2026-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:systemlink_enterprise:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2026-04",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.\u0026nbsp; Successful exploitation requires an attacker to send a specially crafted HTTP request.\u0026nbsp; This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.\u00a0 Successful exploitation requires an attacker to send a specially crafted HTTP request.\u00a0 This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:04:48.703Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/authentication-bypass-vulnerability-in-ni-systemlink-enterprise.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass Vulnerability in NI SystemLink Enterprise",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9051",
        "datePublished": "2026-05-29T18:04:48.703Z",
        "dateReserved": "2026-05-19T20:34:59.772Z",
        "dateUpdated": "2026-05-29T18:45:55.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32864 (GCVE-0-2026-32864)

    Vulnerability from nvd – Published: 2026-04-07 19:56 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:56.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:56:42.923Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32864",
        "datePublished": "2026-04-07T19:56:42.923Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:56.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32863 (GCVE-0-2026-32863)

    Vulnerability from nvd – Published: 2026-04-07 19:53 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Read in sentry_transaction_context_set_operation()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:55.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:53:51.666Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Read in sentry_transaction_context_set_operation()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32863",
        "datePublished": "2026-04-07T19:53:51.666Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:55.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32862 (GCVE-0-2026-32862)

    Vulnerability from nvd – Published: 2026-04-07 19:50 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write in ResFileFactory::InitResourceMgr()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:50:36.912Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write in ResFileFactory::InitResourceMgr()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32862",
        "datePublished": "2026-04-07T19:50:36.912Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:54.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32861 (GCVE-0-2026-32861)

    Vulnerability from nvd – Published: 2026-04-07 19:46 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Rocco Calvi (@TecR0c) with TecSecurity TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:58.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi (@TecR0c) with TecSecurity"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:46:45.763Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-class-file-parsing-memory-corruption-vulnerability-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32861",
        "datePublished": "2026-04-07T19:46:45.763Z",
        "dateReserved": "2026-03-16T20:29:24.840Z",
        "dateUpdated": "2026-04-08T03:55:58.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32860 (GCVE-0-2026-32860)

    Vulnerability from nvd – Published: 2026-04-07 19:42 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Rocco Calvi (@TecR0c) with TecSecurity TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:57.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi (@TecR0c) with TecSecurity"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787\u00a0- Out of Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:42:36.167Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-project-library-file-parsing-memory-corruption-vulnerability-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32860",
        "datePublished": "2026-04-07T19:42:36.167Z",
        "dateReserved": "2026-03-16T20:29:24.840Z",
        "dateUpdated": "2026-04-08T03:55:57.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9143 (GCVE-0-2026-9143)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:48 – Updated: 2026-06-22 19:33
    VLAI
    Title
    Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen
    Summary
    There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen.  This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-681 - Incorrect conversion between numeric types
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9143",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:32:48.323003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:33:04.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in\u0026nbsp;\u003cspan\u003eCodeGen.\u003c/span\u003e\u003cspan\u003e\u0026nbsp; \u003c/span\u003e\u003cspan\u003eThis may silently discard high bits if a size value exceeded the target type\u0027s range. This affects NI grpc-device 2.17.0 and prior versions.\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in\u00a0CodeGen.\u00a0 This may silently discard high bits if a size value exceeded the target type\u0027s range. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-128",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-128 Integer Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-681",
                  "description": "CWE-681 Incorrect conversion between numeric types",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:48:44.874Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-rhh6-fvjv-8m84"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9143",
        "datePublished": "2026-06-19T13:48:44.874Z",
        "dateReserved": "2026-05-20T19:52:00.357Z",
        "dateUpdated": "2026-06-22T19:33:04.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9142 (GCVE-0-2026-9142)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:41 – Updated: 2026-06-22 19:29
    VLAI
    Title
    Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
    Summary
    There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:29:24.594424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:29:31.269Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u0026nbsp; This may allow an unauthenticated user access to the server on the local network.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u00a0 This may allow an unauthenticated user access to the server on the local network.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:41:26.730Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9142",
        "datePublished": "2026-06-19T13:41:26.730Z",
        "dateReserved": "2026-05-20T19:51:58.847Z",
        "dateUpdated": "2026-06-22T19:29:31.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48141 (GCVE-0-2026-48141)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:37 – Updated: 2026-06-22 19:28
    VLAI
    Title
    Memory leak in NI grpc-device BeginSidebandStream
    Summary
    There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T19:28:34.889070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T19:28:43.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:37:50.361Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-j4qc-5v3f-rf87"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory leak in NI grpc-device BeginSidebandStream",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48141",
        "datePublished": "2026-06-19T13:37:50.361Z",
        "dateReserved": "2026-05-20T19:51:56.936Z",
        "dateUpdated": "2026-06-22T19:28:43.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48140 (GCVE-0-2026-48140)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:32 – Updated: 2026-06-22 16:37
    VLAI
    Title
    Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream
    Summary
    There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-704 - Incorrect Type Conversion or Cast
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:35:45.846676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:37:50.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-704",
                  "description": "CWE-704 Incorrect Type Conversion or Cast",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:32:18.095Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-prfr-q8h3-mqxv"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48140",
        "datePublished": "2026-06-19T13:32:18.095Z",
        "dateReserved": "2026-05-20T19:51:56.936Z",
        "dateUpdated": "2026-06-22T16:37:50.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48139 (GCVE-0-2026-48139)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:22 – Updated: 2026-06-22 17:31
    VLAI
    Title
    NULL pointer dereference vulnerability in NI grpc-device data moniker service
    Summary
    There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:31:14.124099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:31:28.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u0026nbsp; Successful exploitation requires an attacker to provide an unknown\u0026nbsp;value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions. \u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.\u00a0 Successful exploitation requires an attacker to provide an unknown\u00a0value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:22:32.462Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-7vg9-5c74-289x"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "NULL pointer dereference vulnerability in NI grpc-device data moniker service",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48139",
        "datePublished": "2026-06-19T13:22:32.462Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T17:31:28.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48138 (GCVE-0-2026-48138)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:16 – Updated: 2026-06-22 16:14
    VLAI
    Title
    Out-of-bounds read vulnerability in the NI grpc-device streaming API
    Summary
    There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:14:00.484448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:14:14.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:16:03.969Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-8rjh-429j-f6gw"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds read vulnerability in the NI grpc-device streaming API",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48138",
        "datePublished": "2026-06-19T13:16:03.969Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T16:14:14.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48137 (GCVE-0-2026-48137)

    Vulnerability from cvelistv5 – Published: 2026-06-19 13:05 – Updated: 2026-06-22 16:15
    VLAI
    Title
    Untrusted pointer dereference in NI grpc-device sideband streaming API
    Summary
    There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-822 - Untrusted pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
    Create a notification for this product.
    NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:14:49.401117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:15:01.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "grpc-device",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "InstrumentStudio",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.17.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.\u0026nbsp; Successful exploitation requires an attacker\u0026nbsp; to supply a specially crafted\u0026nbsp;Moniker protobuf message.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.\u00a0 Successful exploitation requires an attacker\u00a0 to supply a specially crafted\u00a0Moniker protobuf message.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822 Untrusted pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T13:18:09.580Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-ww59-ghm9-mm63"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted pointer dereference in NI grpc-device sideband streaming API",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-48137",
        "datePublished": "2026-06-19T13:05:24.339Z",
        "dateReserved": "2026-05-20T19:51:56.935Z",
        "dateUpdated": "2026-06-22T16:15:01.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8036 (GCVE-0-2026-8036)

    Vulnerability from cvelistv5 – Published: 2026-06-02 17:26 – Updated: 2026-06-04 03:55
    VLAI
    Title
    Local privilege escalation in NI-PAL
    Summary
    Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1285 - Improper validation of specified index, position, or offset in input
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI NI-PAL Affected: 0 , ≤ 26.3.0 (semver)
    Create a notification for this product.
    Credits
    Patrick Saif (@weezerOSINT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T03:55:47.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NI-PAL",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patrick Saif (@weezerOSINT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1285",
                  "description": "CWE-1285 Improper validation of specified index, position, or offset in input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T17:26:18.893Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Local privilege escalation in NI-PAL",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-8036",
        "datePublished": "2026-06-02T17:26:18.893Z",
        "dateReserved": "2026-05-06T13:33:43.716Z",
        "dateUpdated": "2026-06-04T03:55:47.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8035 (GCVE-0-2026-8035)

    Vulnerability from cvelistv5 – Published: 2026-06-02 17:22 – Updated: 2026-06-03 14:08
    VLAI
    Title
    NULL pointer dereference in NI-PAL
    Summary
    Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI NI-PAL Affected: 0 , ≤ 26.3.0 (semverImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by)
    Create a notification for this product.
    Credits
    Patrick Saif (@weezerOSINT)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T14:04:30.319296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:08:44.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NI-PAL",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "26.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semverImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:ni-pal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "26.3.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Patrick Saif (@weezerOSINT)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.\u003c/p\u003e"
                }
              ],
              "value": "Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T17:22:07.870Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/invalid-input-validation-vulnerabilities-in-ni-pal.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "NULL pointer dereference in NI-PAL",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-8035",
        "datePublished": "2026-06-02T17:22:07.870Z",
        "dateReserved": "2026-05-06T13:33:43.142Z",
        "dateUpdated": "2026-06-03T14:08:44.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9051 (GCVE-0-2026-9051)

    Vulnerability from cvelistv5 – Published: 2026-05-29 18:04 – Updated: 2026-05-29 18:45
    VLAI
    Title
    Authentication Bypass Vulnerability in NI SystemLink Enterprise
    Summary
    There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires an attacker to send a specially crafted HTTP request.  This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Enterprise Affected: 0 , ≤ 2026-04 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T18:45:46.466575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T18:45:55.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SystemLink Enterprise",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2026-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:systemlink_enterprise:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2026-04",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.\u0026nbsp; Successful exploitation requires an attacker to send a specially crafted HTTP request.\u0026nbsp; This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.\u00a0 Successful exploitation requires an attacker to send a specially crafted HTTP request.\u00a0 This vulnerability affects NI SystemLink Enterprise 2026-04 and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T18:04:48.703Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/authentication-bypass-vulnerability-in-ni-systemlink-enterprise.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass Vulnerability in NI SystemLink Enterprise",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-9051",
        "datePublished": "2026-05-29T18:04:48.703Z",
        "dateReserved": "2026-05-19T20:34:59.772Z",
        "dateUpdated": "2026-05-29T18:45:55.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32864 (GCVE-0-2026-32864)

    Vulnerability from cvelistv5 – Published: 2026-04-07 19:56 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:56.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:56:42.923Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32864",
        "datePublished": "2026-04-07T19:56:42.923Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:56.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32863 (GCVE-0-2026-32863)

    Vulnerability from cvelistv5 – Published: 2026-04-07 19:53 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Read in sentry_transaction_context_set_operation()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:55.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:53:51.666Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Read in sentry_transaction_context_set_operation()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32863",
        "datePublished": "2026-04-07T19:53:51.666Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:55.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32862 (GCVE-0-2026-32862)

    Vulnerability from cvelistv5 – Published: 2026-04-07 19:50 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write in ResFileFactory::InitResourceMgr()
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Michael Heinzl
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:54.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Heinzl"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:50:36.912Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/memory-corruption-vulnerabilities-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write in ResFileFactory::InitResourceMgr()",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32862",
        "datePublished": "2026-04-07T19:50:36.912Z",
        "dateReserved": "2026-03-16T20:29:24.841Z",
        "dateUpdated": "2026-04-08T03:55:54.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32861 (GCVE-0-2026-32861)

    Vulnerability from cvelistv5 – Published: 2026-04-07 19:46 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Rocco Calvi (@TecR0c) with TecSecurity TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:58.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi (@TecR0c) with TecSecurity"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:46:45.763Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-class-file-parsing-memory-corruption-vulnerability-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvclass file",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32861",
        "datePublished": "2026-04-07T19:46:45.763Z",
        "dateReserved": "2026-03-16T20:29:24.840Z",
        "dateUpdated": "2026-04-08T03:55:58.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32860 (GCVE-0-2026-32860)

    Vulnerability from cvelistv5 – Published: 2026-04-07 19:42 – Updated: 2026-04-08 03:55
    VLAI
    Title
    Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file
    Summary
    There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI LabVIEW Affected: 0 , < 23.0.0 (semver)
    Affected: 23.1.0 , < 23.3.9 (semver)
    Affected: 24.1.0 , < 24.3.6 (semver)
    Affected: 25.1.0 , < 25.3.4 (semver)
    Affected: 26.1.0 , < 26.1.1 (semver)
    Create a notification for this product.
    Credits
    Rocco Calvi (@TecR0c) with TecSecurity TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T03:55:57.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "LabVIEW",
              "vendor": "NI",
              "versions": [
                {
                  "lessThan": "23.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "23.3.9",
                  "status": "affected",
                  "version": "23.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "24.3.6",
                  "status": "affected",
                  "version": "24.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "25.3.4",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "26.1.1",
                  "status": "affected",
                  "version": "26.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.0.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "23.3.9",
                      "versionStartIncluding": "23.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "24.3.6",
                      "versionStartIncluding": "24.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25.3.4",
                      "versionStartIncluding": "25.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "26.1.1",
                      "versionStartIncluding": "26.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rocco Calvi (@TecR0c) with TecSecurity"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.\u0026nbsp; This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions.\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW.\u00a0 This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787\u00a0- Out of Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T19:42:36.167Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/lv-project-library-file-parsing-memory-corruption-vulnerability-in-ni-labview.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2026-32860",
        "datePublished": "2026-04-07T19:42:36.167Z",
        "dateReserved": "2026-03-16T20:29:24.840Z",
        "dateUpdated": "2026-04-08T03:55:57.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }