Out-of-Bounds Read Vulnerabilities in DASYLab
Created Jun 09, 2026
Overview
There are multiple out-of-bounds read vulnerabilities when parsing user-supplied files in DASYLab that may result in information disclosure or arbitrary code execution. Successful exploitation requires a user to open a specially crafted DASYLab file, and these vulnerabilities affect all versions of DASYLab.
This advisory covers CVE-2026-0955 and CVE-2026-0956.
Contents
- Mitigation Guidance
- Affected Products
- CVSS Score
- Further Information
- Acknowledgements
- Additional Resources
Mitigation Guidance
Update to the current version of DASYLab. For older versions, no fixes are available for these issues in the referenced advisories. In all cases, avoid opening files from untrusted sources.
Affected Products
| Product Version | Mitigation |
| --- | --- |
| DASYLab – all versions before 2026.0 | Avoid opening untrusted DSB files |
| DASYLab 2026.0 | Not affected |
CVSS Score
- CVE-2026-0955 – 7.8 (CVSS 3.1), AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CVE-2026-0955 – 8.5 (CVSS 4.0), AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA
- CVE-2026-0956 – 7.8 (CVSS 3.1), AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CVE-2026-0956 – 8.5 (CVSS 4.0), AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Further Information
NI describes both issues as out-of-bounds read vulnerabilities when parsing user files in DASYLab. Public vulnerability records also describe CVE-2026-0956 as a memory-corruption issue due to an out-of-bounds read when loading a corrupted file.
Acknowledgements
Digilent credited Rocco Calvi (@TecR0c) with TecSecurity, working with Trend Micro Zero Day Initiative, for reporting these issues and coordinating disclosure.
