CVE-2026-32928
Stack-Based Buffer Overflow in V-SFT Allows Code Execution
Publication date: 2026-04-01
Last updated on: 2026-04-07
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fujielectric | v-sft | to 6.2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in V-SFT versions 6.2.10.0 and earlier, specifically in the function VS6ComFile!CSaveData::_conv_AnimationItem. It occurs when opening a specially crafted V7 file, which can cause the program to execute arbitrary code.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow an attacker to execute arbitrary code on the affected system. This means the attacker could potentially take control of the system, leading to data loss, system compromise, or further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided context and resources do not contain specific information regarding the impact of CVE-2026-32928 on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update the V-SFT software to version 6.2.11.0 or later, as this version addresses the stack-based buffer overflow issues.
- Identify systems running V-SFT version 6.2.10.0 or earlier.
- Obtain and install the V-SFT version 6.2.11.0 update from Fuji Electric.
- Avoid opening untrusted or crafted V7 files that could trigger the vulnerability.