CVE-2026-6683
MEDIUMDescription
FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| elm-chan | fatfs |
References
Frequently Asked Questions
What is CVE-2026-6683? +
How severe is CVE-2026-6683? +
What products are affected by CVE-2026-6683? +
How do I check if I'm vulnerable to CVE-2026-6683? +
Related Vulnerabilities
Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. …
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions …
An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() …
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus …
BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
BT:Classic: Multiple missing buf length checks