Find notable cyber news and cases, enriched with sources, timelines, and signals.

FatFs seven vulnerabilities (CVE-2026-6682)

Vulnerability
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

runZero disclosed seven vulnerabilities in FatFs, including CVE-2026-6682, exposing embedded devices to memory corruption, code execution, crashes, data leakage, and hangs. The flaws affect firmware used in security cameras, drones, industrial controllers, and crypto wallets that read USB drives and SD cards. No upstream fix exists for the memory-corruption bugs, while proof-of-concept images and a working QEMU exploit example are public.

Timeline

  1. 03.07.2026 23:19 1 articles · 6d ago

    runZero discloses seven vulnerabilities in FatFs

    Initial Disclosure

    runZero disclosed seven vulnerabilities in FatFs, the small FAT and exFAT filesystem library embedded in firmware for devices such as security cameras, drones, industrial controllers, and hardware crypto wallets. The flaws can let a booby-trapped USB drive, SD card, or update file corrupt memory and, on some targets, execute attacker-controlled code.

    Show sources
  2. 03.07.2026 23:19 1 articles · 6d ago

    runZero publishes FatFs exploit material and vulnerability details

    Technical Analysis Update

    runZero published proof-of-concept disk images, a test harness, and a working QEMU-based exploit example for the FatFs bugs. The same report also breaks down the seven CVEs, including CVE-2026-6682, and says no attacks using these bugs had been reported as of the July 1 disclosure.

    Show sources