CVE-2026-8036— Local privilege escalation in NI-PAL
Possible ATT&CK Techniques 3AI
T1055 · Process Injection T1203 · Exploitation for Client Execution T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8036
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation in NI-PAL
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1285
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-8036
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8036
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-8036 (1)
IV. Related Vulnerabilities
Same product: NI-PAL
Same vendor: NI
- CVE-2026-8035
NULL pointer dereference in NI-PAL - CVE-2026-9051
Authentication Bypass Vulnerability in NI SystemLink Enterpr - CVE-2026-32864
Out-of-Bounds Read in mgcore_SH_25_3!aligned_free() - CVE-2026-32863
Out-of-Bounds Read in sentry_transaction_context_set_operati - CVE-2026-32862
Out-of-Bounds Write in ResFileFactory::InitResourceMgr()
Same weakness: CWE-1285
- CVE-2026-9100
Heap memory out of bounds read and crash in C Driver legacy - CVE-2026-33557
Apache Kafka: Missing JWT token validation in OAUTHBEARER au - CVE-2018-25232
Softros LAN Messenger 9.2 Denial of Service via Log Files Lo - CVE-2019-25625
Blob Studio 2.17 Denial of Service via Malformed Input - CVE-2019-25622
Paint Studio 2.17 Denial of Service via Malformed Input
V. Comments for CVE-2026-8036
No comments yet