Critical Remote Code Execution in NI LabVIEW (CVE‑2026‑32861) via LVCLASS File Parsing
What It Is – A memory‑corruption flaw in the LVCLASS file parser of National Instruments LabVIEW allows an attacker to execute arbitrary code in the context of the LabVIEW process. The vulnerability (CVE‑2026‑32861) scores 7.8 (High) on CVSS 3.1.
Exploitability – Exploitation requires a victim to open a malicious LVCLASS file or visit a crafted web page that triggers the parser. No public exploit code is known, but the low attack complexity and high impact make it a prime target for weaponisation.
Affected Products – NI LabVIEW (all versions that accept LVCLASS files prior to the 2026 security update).
TPRM Impact – LabVIEW is widely used for engineering, scientific research, and product development across many supply‑chain tiers. A compromised LabVIEW installation can lead to the injection of malicious code into downstream firmware, CAD models, or proprietary algorithms, exposing intellectual property and creating a vector for broader supply‑chain attacks.
Recommended Actions –
- Deploy NI’s security update for LabVIEW immediately.
- Block or sandbox LVCLASS files from untrusted sources (email, web downloads, USB).
- Enforce application‑allow‑list policies on engineering workstations.
- Monitor process‑creation events for unexpected LabVIEW activity and enable EDR alerts for memory‑corruption exploits.
- Review third‑party contracts that rely on LabVIEW‑generated artifacts and require vendors to confirm patch compliance.