{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32864/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32864"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-32864","labview","memory-corruption","out-of-bounds-read"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA memory corruption vulnerability, identified as CVE-2026-32864, exists within National Instruments (NI) LabVIEW software. The flaw is triggered by an out-of-bounds read within the \u003ccode\u003emgcore_SH_25_3!aligned_free()\u003c/code\u003e function. An attacker can exploit this vulnerability by enticing a user to open a specially crafted VI (Virtual Instrument) file. Successful exploitation could lead to information disclosure, potentially exposing sensitive data handled by LabVIEW, or arbitrary code execution, granting the attacker control over the affected system. 
This vulnerability affects NI LabVIEW versions 2026 Q1 (26.1.0) and all prior versions, making a wide range of LabVIEW installations susceptible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious LabVIEW VI file designed to trigger the out-of-bounds read in \u003ccode\u003emgcore_SH_25_3!aligned_free()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uses social engineering to convince a victim to open the specially crafted VI file.\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious VI file using a vulnerable version of NI LabVIEW (2026 Q1 (26.1.0) and prior).\u003c/li\u003e\n\u003cli\u003eLabVIEW attempts to process the malformed data within the VI file.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emgcore_SH_25_3!aligned_free()\u003c/code\u003e function is called during the VI file processing.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds read occurs when \u003ccode\u003ealigned_free()\u003c/code\u003e attempts to access memory outside of allocated bounds.\u003c/li\u003e\n\u003cli\u003eDepending on the memory layout, this can lead to information disclosure by leaking memory contents, or arbitrary code execution by overwriting critical data.\u003c/li\u003e\n\u003cli\u003eIf arbitrary code execution is achieved, the attacker can then install malware, exfiltrate data, or perform other malicious actions on the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32864 can have serious consequences. Information disclosure could expose sensitive data processed by LabVIEW, such as measurement data, control algorithms, or proprietary code. Arbitrary code execution would allow an attacker to gain complete control over the affected system, enabling them to install malware, steal data, or disrupt operations. 
The vulnerability affects a broad range of LabVIEW users, potentially impacting industrial control systems, research and development environments, and other critical applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch provided by National Instruments for CVE-2026-32864 to remediate the out-of-bounds read vulnerability. Refer to the NI security advisory for specific instructions.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eLabVIEW_Suspicious_VI_File_Open\u003c/code\u003e to detect suspicious LabVIEW VI files being opened based on file path or other attributes.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for \u003ccode\u003eLabVIEW.exe\u003c/code\u003e spawning unusual child processes or accessing unusual network resources after a VI file has been opened, which could indicate successful code execution (see \u003ccode\u003eLabVIEW_Suspicious_Child_Process\u003c/code\u003e rule).\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening untrusted VI files and emphasize the importance of verifying the source of any VI file before opening it.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T12:00:00Z","date_published":"2026-04-08T12:00:00Z","id":"/briefs/2026-04-labview-oob-read/","summary":"A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds read in mgcore_SH_25_3!aligned_free(), potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted VI file.","title":"NI LabVIEW Out-of-Bounds Read Vulnerability (CVE-2026-32864)","url":"https://feed.craftedsignal.io/briefs/2026-04-labview-oob-read/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-32864","version":"https://jsonfeed.org/version/1.1"}