FatFs seven vulnerabilities (CVE-2026-6682)
Vulnerability
Summary
Hide ▲
Show ▼
runZero disclosed seven vulnerabilities in FatFs, including CVE-2026-6682, exposing embedded devices to memory corruption, code execution, crashes, data leakage, and hangs. The flaws affect firmware used in security cameras, drones, industrial controllers, and crypto wallets that read USB drives and SD cards. No upstream fix exists for the memory-corruption bugs, while proof-of-concept images and a working QEMU exploit example are public.
Timeline
-
03.07.2026 23:19 1 articles · 6d ago
runZero discloses seven vulnerabilities in FatFs
Initial DisclosurerunZero disclosed seven vulnerabilities in FatFs, the small FAT and exFAT filesystem library embedded in firmware for devices such as security cameras, drones, industrial controllers, and hardware crypto wallets. The flaws can let a booby-trapped USB drive, SD card, or update file corrupt memory and, on some targets, execute attacker-controlled code.
Show sources
- Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices — thehackernews.com — 03.07.2026 23:19
-
03.07.2026 23:19 1 articles · 6d ago
runZero publishes FatFs exploit material and vulnerability details
Technical Analysis UpdaterunZero published proof-of-concept disk images, a test harness, and a working QEMU-based exploit example for the FatFs bugs. The same report also breaks down the seven CVEs, including CVE-2026-6682, and says no attacks using these bugs had been reported as of the July 1 disclosure.
Show sources
- Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices — thehackernews.com — 03.07.2026 23:19