{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32928", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-16T23:27:50.173Z", "datePublished": "2026-04-01T22:59:39.379Z", "dateUpdated": "2026-04-02T13:32:44.120Z"}, "containers": {"cna": {"affected": [{"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.", "product": "V-SFT", "versions": [{"version": "6.2.10.0 and prior", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product."}], "problemTypes": [{"descriptions": [{"description": "Stack-based buffer overflow", "lang": "en-US", "cweId": "CWE-121", "type": "CWE"}]}], "references": [{"url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-01T22:59:39.379Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:27:06.639098Z", "id": "CVE-2026-32928", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:32:44.120Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.", "product": "V-SFT", "versions": [{"status": "affected", "version": "6.2.10.0 and prior"}]}], "references": [{"url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-01T22:59:39.379Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32928", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T13:27:06.639098Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-02T13:27:10.936Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32928", "state": "PUBLISHED", "dateUpdated": "2026-04-01T22:59:39.379Z", "dateReserved": "2026-03-16T23:27:50.173Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-04-01T22:59:39.379Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*", "matchCriteriaId": "36E67AE4-958D-4DA7-B5E2-95A3BDD29BF6", "versionEndIncluding": "6.2.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product."}], "id": "CVE-2026-32928", "lastModified": "2026-04-07T18:27:31.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-01T23:17:03.267", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Release Notes"], "url": "https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU90448293/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.2.10.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "V-SFT", "source": "cna", "vendor": "FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd."}, "product": "v-sft", "vendor": "fujielectric"}], "analysis": {"en": {"generated_at": "2026-04-07T21:44:41.729544+00:00", "value": {"mitigation_remediation": ["Update to a version newer than 6.2.10.0 if available", "If no patch exists, block or disable processing of V7 files or restrict file access rights", "Verify all firmware updates in the vendor\u2019s advisory and install them promptly", "Monitor the device for abnormal process activity or unexpected code execution"], "summary": {"action": "Apply Patch", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects V\u2011SFT products from Fuji Electric Co., Ltd. and Hakko Electronics Co., Ltd. specifically the V\u2011SFT software versions 6.2.10.0 and earlier. No later versions are listed as affected in the current advisory.", "description_and_impact": "A stack-based buffer overflow occurs in the function _conv_AnimationItem within V\u2011SFT versions 6.2.10.0 and earlier. When a user opens a specially crafted V7 file, the overflow can trigger execution of arbitrary code running in the same context as the affected firmware. This flaw grants an attacker potential control over the device\u2019s data, possibly allowing unauthorized modification or extraction of data and may facilitate further attacks on connected systems.", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity with a large impact on confidentiality, integrity, and availability. The EPSS score of less than 1% suggests a low probability of exploitation at this time, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation would require an attacker to deliver a crafted V7 file to the target, implying a local or remote user that can trigger file processing. If an attacker gains the necessary privilege, they could execute malicious code on the device."}}}}, "created": "2026-04-02T07:47:00.481084+00:00", "updated": "2026-04-08T19:56:40.780310+00:00", "vendors": ["fujielectric", "fujielectric$PRODUCT$v-sft"]}