Primary

Context

NI-PAL Kernel Driver NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the NI-PAL kernel driver, affecting versions through 26.3.0 on Windows, Linux, and Linux Real-Time. The issue arises from improper input validation, which may allow a local authenticated user to cause a crash by triggering a NULL pointer dereference.

Impact

Exploitation of this vulnerability leads to a crash of the NI-PAL kernel driver, causing a denial-of-service condition.

Remediation

Users are advised to upgrade to NI-PAL version 26.3.1 or later. For Windows, this can be done by installing NI-VISA 2026 Q2 Patch 1 or later. On Linux desktops, NI Linux Device Drivers 2026 Q2 or later should be installed. For NI Linux Real-Time, NI Linux RT System Image 2026 Q2 or later is recommended.

Added: Jun 2, 2026, 8:19 PM

Updated: Jun 2, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

7.7

relevance

9.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

7.7

relevance

9.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NI-PAL Kernel Driver NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

NI-PAL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating