>_ 0dayNews
CVE Record
[ HIGH ] CVE-2026-6682

FatFs FAT32 mount integer overflow leading to memory corruption

An integer overflow in FatFs's FAT32 mount path can be triggered by a crafted volume and lead to memory corruption and possible code execution on the parsing device. FatFs ships inside many embedded stacks (ESP-IDF, STM32Cube, Zephyr, MicroPython, ArduPilot, RT-Thread, Mbed, TizenRT, SWUpdate). Disclosed by runZero on 2026-07-01; no upstream fix as of disclosure.

cat cve-2026-6682.json
Vendor: ChaN / FatFs upstream
Product: FatFs (as shipped in downstream RTOS / firmware distributions)
CVSS: 7.6
Status: unpatched
Published