CVE Record
[ HIGH ] CVE-2026-6687
FatFs exFAT volume-label buffer overflow
A buffer overflow in FatFs's handling of exFAT volume labels can be triggered by a crafted volume presented to the parser. FatFs is embedded in many RTOS and firmware distributions. Disclosed by runZero on 2026-07-01 alongside six other FatFs CVEs; no upstream fix as of disclosure.
- Vendor: ChaN / FatFs upstream
- Product: FatFs (as shipped in downstream RTOS / firmware distributions)
- CVSS: 7.6
- Status: unpatched
- Published