Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read in the VS6ComFile!load_link_inf routine. When a crafted V7 file is processed, the function may read data from memory locations beyond the intended buffer, allowing an attacker to obtain sensitive information stored elsewhere. The exploit does not provide code execution; it is limited to leaking data that the system can read.

Affected Systems

Fuji Electric and Hakko Electronics’ V‑SFT product, specifically versions 6.2.10.0 and earlier. No other versions are listed as affected, and the issue is confined to these software releases.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity vulnerability. With an EPSS score below 1 % and no listing in CISA’s KEV catalog, current exploitation activity is likely low, but the impact remains significant for any user who opens a malicious V7 file. The attack vector is inferred to be local or controlled, as the victim must open or trigger processing of a crafted file. Preventing exposure of such files or updating to newer versions mitigates the risk.

Generated by OpenCVE AI on April 7, 2026 at 21:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available firmware or software update that addresses the VS6ComFile vulnerability.
  • If an update is not available, avoid opening or processing unknown V7 files in V‑SFT.
  • Ensure that file permissions restrict unauthorized users from creating or modifying V7 files meant for the application.

Generated by OpenCVE AI on April 7, 2026 at 21:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in VS6ComFile Leading to Information Disclosure

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Fujielectric
Fujielectric v-sft
Vendors & Products Fujielectric
Fujielectric v-sft

Thu, 02 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fujielectric V-sft
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-02T13:33:02.118Z

Reserved: 2026-03-16T23:27:50.173Z

Link: CVE-2026-32926

cve-icon Vulnrichment

Updated: 2026-04-02T13:27:44.502Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T23:17:02.960

Modified: 2026-04-07T18:43:08.363

Link: CVE-2026-32926

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:43Z

Weaknesses