BotBeat
...
← Back

> ▌

AnthropicAnthropic
RESEARCHAnthropic2026-04-01

Claude AI Used to Discover Critical FreeBSD Kernel RCE Vulnerability (CVE-2026-4747)

Key Takeaways

  • ▸Claude AI successfully identified and developed a functional kernel exploit for CVE-2026-4747, a critical FreeBSD RPCSEC_GSS stack buffer overflow affecting NFS servers
  • ▸The vulnerability stems from missing bounds validation on credential length, allowing attackers to trigger a stack buffer overflow that overwrites return addresses and achieves unauthenticated remote code execution as root
  • ▸The discovery highlights both the security implications of AI-assisted vulnerability research and the importance of rigorous input validation in kernel-level RPC code
Sources:
Hacker Newshttps://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md↗
Hacker Newshttps://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd↗

Summary

A critical remote code execution vulnerability has been discovered in FreeBSD's RPCSEC_GSS authentication module (kgssapi.ko) that allows unauthenticated attackers to gain root-level access on NFS servers. The vulnerability, CVE-2026-4747, stems from a stack buffer overflow in the svc_rpc_gss_validate() function that fails to validate credential length before copying untrusted data into a 128-byte stack buffer. Notably, the vulnerability was identified and a full working exploit was developed using Claude, Anthropic's large language model, demonstrating the AI's capability in security research and vulnerability analysis.

The flaw affects multiple FreeBSD versions including 13.5, 14.3, 14.4, and 15.0 running NFS servers with RPCSEC_GSS authentication enabled on port 2049/TCP. The overflow allows attackers to overwrite saved registers and the function's return address, enabling arbitrary kernel code execution with root privileges. FreeBSD has released patches for affected versions, with the fix implementing a simple bounds check to prevent oversized credentials from exceeding the buffer's remaining 96 bytes of available space.

  • Patches are available for FreeBSD 14.4-RELEASE-p1 and later versions, implemented through a single bounds-check safeguard

Editorial Opinion

This disclosure raises important questions about the dual-use nature of advanced AI systems in cybersecurity. While Claude's ability to identify and exploit a critical kernel vulnerability demonstrates the sophistication of modern LLMs, it also underscores the urgent need for proactive security auditing in widely-used systems. The vulnerability's simplicity—a missing bounds check—suggests that systematic AI-assisted code review could become a powerful defensive tool, provided the results are responsibly disclosed and patched before weaponization.

Large Language Models (LLMs)AI AgentsDeep LearningCybersecurityAI Safety & Alignment

More from Anthropic

AnthropicAnthropic
RESEARCH

Anthropic Study Reveals AI Agent Memory Retrieval Accuracy at Just 9%, Exposing Infrastructure Challenges

2026-07-04
AnthropicAnthropic
POLICY & REGULATION

Anthropic Receives Cease and Desist Over Claude Desktop Privacy Violations

2026-07-04
AnthropicAnthropic
RESEARCH

Research: How URLs in Prompts Can Influence LLM Outputs Toward Training Data

2026-07-03

Comments

Suggested

MicrosoftMicrosoft
RESEARCH

Microsoft's Leaked 'Aion' Project Reveals Vision for Copilot-First Operating System

2026-07-04
Google / AlphabetGoogle / Alphabet
RESEARCH

Stanford Researchers Use Multi-Agent AI and Reinforcement Learning to Improve HIP Kernel Generation for AMD GPUs

2026-07-04
LLM Agent EcosystemLLM Agent Ecosystem
RESEARCH

Researchers Expose Critical Payload-Less Attack on LLM Agent Supply Chains

2026-07-04
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us