Skip to content
feed: live about
>_ 0dayNews
CVE Record
[ HIGH ] CVE-2026-6688

FatFs long filename overflow in wrapper code

An overflow in FatFs's long-filename wrapper code can be triggered by a crafted filesystem entry. FatFs is embedded across many RTOS and firmware distributions. Disclosed by runZero on 2026-07-01 alongside six other FatFs CVEs; no upstream fix as of disclosure.

cat cve-2026-6688.json
Vendor
ChaN / FatFs upstream
Product
FatFs (as shipped in downstream RTOS / firmware distributions)
CVSS
7.6
Status
unpatched
Published