>_ 0dayNews
CVE Record
[ HIGH ] CVE-2026-6687

FatFs exFAT volume-label buffer overflow

A buffer overflow in FatFs's handling of exFAT volume labels can be triggered by a crafted volume presented to the parser. FatFs is embedded in many RTOS and firmware distributions. Disclosed by runZero on 2026-07-01 alongside six other FatFs CVEs; no upstream fix as of disclosure.

cat cve-2026-6687.json
Vendor: ChaN / FatFs upstream
Product: FatFs (as shipped in downstream RTOS / firmware distributions)
CVSS: 7.6
Status: unpatched
Published