CVE Record
[ HIGH ] CVE-2026-6688
FatFs long filename overflow in wrapper code
An overflow in FatFs's long-filename wrapper code can be triggered by a crafted filesystem entry. FatFs is embedded across many RTOS and firmware distributions. Disclosed by runZero on 2026-07-01 alongside six other FatFs CVEs; no upstream fix as of disclosure.
- Vendor
- ChaN / FatFs upstream
- Product
- FatFs (as shipped in downstream RTOS / firmware distributions)
- CVSS
- 7.6
- Status
- unpatched
- Published