Remote Code Execution in NI LabVIEW LVLIB Parsing (CVE‑2026‑32860) Threatens Engineering Workflows
What It Is – A memory‑corruption flaw in the LVLIB file parser of National Instruments (NI) LabVIEW allows an attacker to execute arbitrary code on the host system. The vulnerability is tracked as CVE‑2026‑32860.
Exploitability – Remote exploitation is possible once a victim opens a crafted LVLIB file or visits a malicious page that triggers the parser. A proof‑of‑concept exists, and the flaw is rated CVSS 7.8 (High).
Affected Products – NI LabVIEW (all versions prior to the April 2026 security update).
TPRM Impact – LabVIEW is widely used in product design, test automation, and data acquisition across manufacturing, aerospace, and research firms. A compromised LabVIEW installation can serve as a foothold for supply‑chain attacks, potentially exposing proprietary designs, test data, and downstream partner systems.
Recommended Actions –
- Deploy NI’s security update for LabVIEW immediately.
- Enforce strict file‑type controls; block LVLIB files from untrusted sources.
- Conduct a rapid inventory of all LabVIEW installations within your vendor ecosystem.
- Verify that endpoint protection solutions can detect anomalous LVLIB parsing activity.
- Review incident response playbooks to include malicious LabVIEW payload scenarios.
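
An added example for the file-type control recommended above (not NI's code and not part of the original advisory): an ingest filter that flags LVLIB files by name, including inside nested zip archives, and reports anything it could not inspect so that it is held rather than passed. The depth and size limits, the finding labels and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXT = ".lvlib"               # file type named in the advisory
MAX_DEPTH = 3                        # assumed limit on nested archives
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed per-member size limit

def base_name(name: str) -> str:
    # Windows ignores trailing dots and spaces, so "x.lvlib. " still opens as .lvlib
    return name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()

def scan(name: str, data: bytes, depth: int = 0) -> list:
    """Return findings for one inbound file; an empty list means allow."""
    if base_name(name).endswith(BLOCKED_EXT):
        return [f"blocked-type:{name}"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"unscanned-nesting:{name}"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if base_name(info.filename).endswith(BLOCKED_EXT):
                    findings.append(f"blocked-type:{path}")
                elif info.flag_bits & 0x1:  # encrypted member: content not inspectable
                    findings.append(f"unscanned-encrypted:{path}")
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"unscanned-oversize:{path}")
                else:
                    findings.extend(scan(path, zf.read(info), depth + 1))
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        findings.append(f"unscanned-corrupt:{name}")
    return findings

def make_zip(members: dict) -> bytes:
    """Build an in-memory zip; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip({"libs/Driver.LVLIB": b"placeholder"})  # constructed sample
    outer = make_zip({"readme.txt": b"hello", "bundle.zip": inner})
    print(scan("delivery.zip", outer))
```

Treat every `unscanned-*` finding as a hold-for-review result, since the filter cannot confirm those items are free of LVLIB content.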