V-SFT Out-of-Bounds Read Vulnerability (CVE-2026-32926)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in the VS6ComFile!load_link_inf function, allowing for potential information disclosure when opening a crafted V7 file.
CVE-2026-32926 is an out-of-bounds read vulnerability affecting V-SFT versions 6.2.10.0 and earlier. The vulnerability exists within the VS6ComFile!load_link_inf function, which is responsible for processing V7 files. An attacker can exploit this vulnerability by crafting a malicious V7 file that, when opened by a vulnerable V-SFT application, triggers an out-of-bounds read. Successful exploitation could lead to information disclosure, potentially exposing sensitive data to the attacker. This vulnerability was reported and disclosed by JPCERT/CC.
Attack Chain
- Attacker identifies a vulnerable V-SFT version (6.2.10.0 or prior).
- Attacker crafts a malicious V7 file designed to trigger the out-of-bounds read in the VS6ComFile!load_link_inf function.
- Attacker delivers the crafted V7 file to a target user, potentially through social engineering or other means.
- The target user opens the malicious V7 file using the vulnerable V-SFT application.
- The VS6ComFile!load_link_inf function attempts to read data beyond the allocated buffer while processing the crafted V7 file.
- This out-of-bounds read allows the attacker to access memory regions outside the intended boundaries.
- The attacker gains access to sensitive information stored in the adjacent memory regions due to the information disclosure.
- The attacker extracts the disclosed information for malicious purposes.
Impact
Successful exploitation of CVE-2026-32926 can lead to information disclosure, potentially exposing sensitive data to an attacker. While the specific impact depends on the nature of the disclosed information, it could include intellectual property, configuration details, or other confidential data. The vulnerability affects systems running vulnerable versions of V-SFT.
Recommendation
- Upgrade V-SFT to a version greater than 6.2.10.0 to patch CVE-2026-32926.
- Monitor for attempts to open unusual or suspicious V7 files using V-SFT applications.
- Implement the Sigma rule "Detect VS-FT opening unusual files" to detect suspicious file access patterns.
- Review the V-SFT vendor's advisory for additional mitigation guidance (https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb).
Detection coverage
Detect VS-FT opening unusual files
Severity: low. Detects V-SFT opening files with unusual extensions, potentially indicating a crafted V7 file.
Detect V-SFT.exe execution from unusual folders
Severity: medium. Detects V-SFT executing from folders other than its typical installation directory, potentially indicating a rogue or tampered executable.
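The two detections described above, sketched as an added example; this is not the platform's Sigma rule content, which is not shown on this page. It assumes Sysmon-style process-creation events with Image and CommandLine fields, that the opened file appears on the command line, a placeholder install directory, and .v7 as the expected extension; the sample events are constructed.

```python
import ntpath
import re

# Assumptions, not taken from the advisory: the install directory and the
# extensions considered normal at this site. Adjust both locally.
INSTALL_DIR = r"C:\ExampleInstall\V-SFT"   # constructed placeholder path
EXPECTED_EXTS = {".v7"}                     # assumed extension for V7 files
PROCESS_NAME = "v-sft.exe"                  # V-SFT.exe, as named in the rule title

def _args(command_line):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', command_line)]

def evaluate(event):
    """Return (severity, finding) tuples for one process-creation event."""
    image = event.get("Image", "")
    if ntpath.basename(image).lower() != PROCESS_NAME:
        return []
    findings = []
    # Medium: binary running outside the expected installation directory.
    image_dir = ntpath.normcase(ntpath.normpath(ntpath.dirname(image)))
    if image_dir != ntpath.normcase(ntpath.normpath(INSTALL_DIR)):
        findings.append(("medium", "V-SFT.exe executed from " + image_dir))
    # Low: file argument whose extension is outside the expected set.
    for arg in _args(event.get("CommandLine", ""))[1:]:
        ext = ntpath.splitext(arg)[1].lower()
        if ext and ext not in EXPECTED_EXTS:
            findings.append(("low", "V-SFT.exe opened unusual file " + arg))
    return findings

# Constructed sample events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\ExampleInstall\V-SFT\V-SFT.exe",
     "CommandLine": r'"C:\ExampleInstall\V-SFT\V-SFT.exe" "D:\Projects\line1.V7"'},
    {"Image": r"C:\ExampleInstall\V-SFT\V-SFT.exe",
     "CommandLine": r'"C:\ExampleInstall\V-SFT\V-SFT.exe" "C:\Users\op\Downloads\plan.dat"'},
    {"Image": r"C:\Users\op\AppData\Local\Temp\V-SFT.exe",
     "CommandLine": r"C:\Users\op\AppData\Local\Temp\V-SFT.exe D:\Projects\line1.V7"},
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe a.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for severity, finding in evaluate(ev):
            print(severity, finding)
```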
Indicators of compromise
| Type | Value |
|---|---|
| url | https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb |
| url | https://jvn.jp/en/vu/JVNVU90448293/ |