Critical FatFs Vulnerabilities Enable Physical Access Attacks on Millions of Devices

Critical FatFs Vulnerabilities Enable Physical Access Attacks on Millions of Devices

First seen 3 Jul 2026, 13:32 UTC Risky.BizNews.Risky.BizCybersecuritynewsFeeds.4Sysops 81% similarity 66.6

Article Content

Browse articles
ThreatCluster

Security firm runZero has identified seven unpatched vulnerabilities in the FatFs filesystem driver, affecting millions of embedded devices. These vulnerabilities can be exploited through malicious media or firmware images, leading to memory corruption, denial of service, and potential code execution. Devices utilizing FatFs, which is widely adopted in industrial and IoT ecosystems, are at risk, including those based on various RTOS platforms. The vulnerabilities range from CVSS Medium to High severity, with no patches currently available. Exploitation requires physical access to the device, but some scenarios allow for remote exploitation via OTA updates. The vulnerabilities are cataloged as CVE-2026-8451 and CVE-2026-45659, with the latter being actively exploited. The lack of patches and the extensive use of FatFs across devices heighten the urgency for manufacturers to address these issues.

Key Points: • Seven unpatched vulnerabilities in FatFs expose millions of embedded devices. • Exploitation requires physical access or can occur during OTA updates. • No patches are available, and the vulnerabilities are classified as Medium to High severity.

ThreatCluster AI

Timeline

2026-05-22
CVE-2026-45659 published
runZero published another vulnerability in FatFs, which was later added to CISA KEV for active exploitation.
Feeds.4Sysops
2026-06-30
CVE-2026-8451 published
runZero disclosed a vulnerability in FatFs that can lead to memory corruption and code execution.
Feeds.4Sysops
2026-07-01
First public PoC for CVE-2026-8451
Proof of concept for the FatFs vulnerability was made public, increasing the risk of exploitation.
Feeds.4Sysops
2026-07-01
CVE-2026-45659 added to CISA KEV
CISA included this vulnerability in its Known Exploited Vulnerabilities catalog due to active exploitation.
Feeds.4Sysops

Community

Browse all →