{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32926/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-32926"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-32926","out-of-bounds read","information disclosure"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-32926 is an out-of-bounds read vulnerability affecting V-SFT versions 6.2.10.0 and earlier. The vulnerability exists within the \u003ccode\u003eVS6ComFile!load_link_inf\u003c/code\u003e function, which is responsible for processing V7 files. An attacker can exploit this vulnerability by crafting a malicious V7 file that, when opened by a vulnerable V-SFT application, triggers an out-of-bounds read. Successful exploitation could lead to information disclosure, potentially exposing sensitive data to the attacker. This vulnerability was reported and disclosed by JPCERT/CC.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable V-SFT version (6.2.10.0 or prior).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious V7 file designed to trigger the out-of-bounds read in the \u003ccode\u003eVS6ComFile!load_link_inf\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eAttacker delivers the crafted V7 file to a target user, potentially through social engineering or other means.\u003c/li\u003e\n\u003cli\u003eThe target user opens the malicious V7 file using the vulnerable V-SFT application.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eVS6ComFile!load_link_inf\u003c/code\u003e function attempts to read data beyond the allocated buffer while processing the crafted V7 file.\u003c/li\u003e\n\u003cli\u003eThis out-of-bounds read allows the attacker to access memory regions outside the intended boundaries.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive information stored in the adjacent memory regions due to the information disclosure.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the disclosed information for malicious purposes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-32926 can lead to information disclosure, potentially exposing sensitive data to an attacker. While the specific impact depends on the nature of the disclosed information, it could include intellectual property, configuration details, or other confidential data. The vulnerability affects systems running vulnerable versions of V-SFT.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade V-SFT to a version greater than 6.2.10.0 to patch CVE-2026-32926.\u003c/li\u003e\n\u003cli\u003eMonitor for attempts to open unusual or suspicious V7 files using V-SFT applications.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect VS-FT opening unusual files\u003c/code\u003e to detect suspicious file access patterns.\u003c/li\u003e\n\u003cli\u003eReview the V-SFT vendor\u0026rsquo;s advisory for additional mitigation guidance (\u003ca href=\"https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb\"\u003ehttps://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T23:17:02Z","date_published":"2026-04-01T23:17:02Z","id":"/briefs/2026-04-v-sft-oob-read/","summary":"V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in the VS6ComFile!load_link_inf function, allowing for potential information disclosure when opening a crafted V7 file.","title":"V-SFT Out-of-Bounds Read Vulnerability (CVE-2026-32926)","url":"https://feed.craftedsignal.io/briefs/2026-04-v-sft-oob-read/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32926","version":"https://jsonfeed.org/version/1.1"}