Vulnerability Details CVE-2026-6684
FatFs versions prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' contain an issue where the loop count is derived from the GPT header field GPTH_PtNum without an upper bound, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 (Loop with Unreachable Exit Condition). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 4.6
Products affected by CVE-2026-6684
- cpe:2.3:a:elm-chan:fatfs:r0.07a
- cpe:2.3:a:elm-chan:fatfs:r0.07c
- cpe:2.3:a:elm-chan:fatfs:r0.07e
- cpe:2.3:a:elm-chan:fatfs:r0.08
- cpe:2.3:a:elm-chan:fatfs:r0.08a
- cpe:2.3:a:elm-chan:fatfs:r0.08b
- cpe:2.3:a:elm-chan:fatfs:r0.09
- cpe:2.3:a:elm-chan:fatfs:r0.09a
- cpe:2.3:a:elm-chan:fatfs:r0.09b
- cpe:2.3:a:elm-chan:fatfs:r0.10
- cpe:2.3:a:elm-chan:fatfs:r0.10a
- cpe:2.3:a:elm-chan:fatfs:r0.10b
- cpe:2.3:a:elm-chan:fatfs:r0.10c
- cpe:2.3:a:elm-chan:fatfs:r0.11
- cpe:2.3:a:elm-chan:fatfs:r0.11a
- cpe:2.3:a:elm-chan:fatfs:r0.12
- cpe:2.3:a:elm-chan:fatfs:r0.12a
- cpe:2.3:a:elm-chan:fatfs:r0.12b
- cpe:2.3:a:elm-chan:fatfs:r0.12c
- cpe:2.3:a:elm-chan:fatfs:r0.13
- cpe:2.3:a:elm-chan:fatfs:r0.13a
- cpe:2.3:a:elm-chan:fatfs:r0.13b
- cpe:2.3:a:elm-chan:fatfs:r0.13c
- cpe:2.3:a:elm-chan:fatfs:r0.14
- cpe:2.3:a:elm-chan:fatfs:r0.14a
- cpe:2.3:a:elm-chan:fatfs:r0.14b
- cpe:2.3:a:elm-chan:fatfs:r0.15
- cpe:2.3:a:elm-chan:fatfs:r0.15a
- cpe:2.3:a:elm-chan:fatfs:r0.15b