CVE-2026-0955: CWE-125 Out-of-bounds read in Digilent DASYLab
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
AI Analysis
Technical Summary
CVE-2026-0955 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting all versions of Digilent's DASYLab software. The flaw arises when the software attempts to load a corrupted file, leading to an out-of-bounds memory read. This memory corruption can cause the application to leak sensitive information or allow an attacker to execute arbitrary code within the context of the affected application. The attack vector requires local access and user interaction, specifically the victim opening a maliciously crafted file. The CVSS 3.1 base score of 7.8 reflects a high severity, with attack vector being local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no patches or exploits are currently known, the vulnerability poses a serious risk to environments where DASYLab is used, especially in industrial, scientific, or engineering contexts where this software is common. The lack of a patch at the time of publication necessitates immediate mitigation efforts to reduce exposure.
Potential Impact
The vulnerability can lead to severe consequences including unauthorized disclosure of sensitive data, corruption or manipulation of data, and full compromise of the affected system through arbitrary code execution. Organizations relying on DASYLab for data acquisition and analysis in critical industrial, research, or engineering environments could face operational disruption, intellectual property theft, or safety risks if exploited. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users may open files from untrusted sources. The high impact on confidentiality, integrity, and availability underscores the potential for significant damage to organizational assets and reputation.
Mitigation Recommendations
Until an official patch is released, organizations should implement strict controls on file sources by restricting or blocking the opening of DASYLab files from untrusted or unknown origins. User training should emphasize the risks of opening unsolicited or suspicious files. Employ application whitelisting and sandboxing techniques to limit the execution context of DASYLab. Network segmentation can reduce exposure by isolating systems running DASYLab from less trusted networks. Monitoring for unusual application behavior or crashes may help detect exploitation attempts. Additionally, organizations should maintain up-to-date backups and prepare incident response plans specific to this vulnerability. Once a patch becomes available, prompt testing and deployment are critical to fully remediate the risk.
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, Australia, Switzerland
CVE-2026-0955: CWE-125 Out-of-bounds read in Digilent DASYLab
Description
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file. This vulnerability affects all versions of Digilent DASYLab.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-0955 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting all versions of Digilent's DASYLab software. The flaw arises when the software attempts to load a corrupted file, leading to an out-of-bounds memory read. This memory corruption can cause the application to leak sensitive information or allow an attacker to execute arbitrary code within the context of the affected application. The attack vector requires local access and user interaction, specifically the victim opening a maliciously crafted file. The CVSS 3.1 base score of 7.8 reflects a high severity, with attack vector being local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no patches or exploits are currently known, the vulnerability poses a serious risk to environments where DASYLab is used, especially in industrial, scientific, or engineering contexts where this software is common. The lack of a patch at the time of publication necessitates immediate mitigation efforts to reduce exposure.
Potential Impact
The vulnerability can lead to severe consequences including unauthorized disclosure of sensitive data, corruption or manipulation of data, and full compromise of the affected system through arbitrary code execution. Organizations relying on DASYLab for data acquisition and analysis in critical industrial, research, or engineering environments could face operational disruption, intellectual property theft, or safety risks if exploited. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users may open files from untrusted sources. The high impact on confidentiality, integrity, and availability underscores the potential for significant damage to organizational assets and reputation.
Mitigation Recommendations
Until an official patch is released, organizations should implement strict controls on file sources by restricting or blocking the opening of DASYLab files from untrusted or unknown origins. User training should emphasize the risks of opening unsolicited or suspicious files. Employ application whitelisting and sandboxing techniques to limit the execution context of DASYLab. Network segmentation can reduce exposure by isolating systems running DASYLab from less trusted networks. Monitoring for unusual application behavior or crashes may help detect exploitation attempts. Additionally, organizations should maintain up-to-date backups and prepare incident response plans specific to this vulnerability. Once a patch becomes available, prompt testing and deployment are critical to fully remediate the risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- NI
- Date Reserved
- 2026-01-14T19:16:23.783Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b42da82f860ef943f7d601
Added to database: 3/13/2026, 3:30:48 PM
Last enriched: 3/21/2026, 12:42:36 AM
Last updated: 4/27/2026, 6:53:54 PM
Views: 87
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.