Claude AI Used to Discover Critical FreeBSD Kernel RCE Vulnerability (CVE-2026-4747)
Key Takeaways
- ▸Claude was used to identify CVE-2026-4747, a critical stack buffer overflow in FreeBSD's RPCSEC_GSS code that affects NFS servers, and to develop a working kernel exploit for it
- ▸The flaw is a missing bounds check on the credential length: an oversized credential overflows a stack buffer, overwrites the saved return address, and yields unauthenticated remote code execution as root
- ▸The discovery highlights both the security implications of AI-assisted vulnerability research and the importance of rigorous input validation in kernel-level RPC code
Summary
A critical remote code execution vulnerability has been disclosed in FreeBSD's RPCSEC_GSS authentication module (kgssapi.ko) that lets unauthenticated attackers gain root on NFS servers. CVE-2026-4747 is a stack buffer overflow in the svc_rpc_gss_validate() function, which copies an attacker-controlled credential into a 128-byte stack buffer without first checking its length. Notably, the bug was found, and a full working exploit written, with Claude, Anthropic's large language model, a demonstration of how far LLM-assisted vulnerability research has come.
The flaw affects FreeBSD 13.5, 14.3, 14.4 and 15.0 when the host runs an NFS server (port 2049/TCP) with RPCSEC_GSS authentication enabled; a quick exposure check on an NFS server is whether kldstat lists kgssapi.ko. Because the buffer is already partly filled when the credential is copied, only 96 bytes of it are free, so a longer credential overwrites the saved registers and the function's return address, which is enough for arbitrary kernel code execution as root. FreeBSD has released patches for the affected versions; the fix is a single bounds check that rejects any credential larger than the 96 bytes remaining.
- Patches are available for FreeBSD 14.4-RELEASE-p1 and later (with corresponding updates for the other affected branches); the fix is the single bounds check on credential length
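The following is an added example that models the bug class described above; it is not FreeBSD's code and does not reproduce svc_rpc_gss_validate(). It assumes the credential arrives as an XDR opaque (4-byte big-endian length, then payload), that 32 bytes of the 128-byte buffer are already in use when the copy happens (leaving the 96 bytes the advisory mentions), and that the saved return address sits directly after the buffer. The stack frame is simulated as a flat byte array so the overwrite can be observed without crashing the program. The vulnerable copy trusts the peer-supplied length; the hardened copy adds the single bounds check that the fix consists of.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum {
    BUF_SIZE = 128,                /* size of the stack buffer named in the advisory */
    PREFIX   = 32,                 /* assumed: bytes already occupied before the credential copy */
    FREE     = BUF_SIZE - PREFIX,  /* the 96 bytes a well-formed credential may fill */
    RET_OFF  = BUF_SIZE,           /* modelled saved return address sits directly after the buffer */
    FRAME_SZ = BUF_SIZE + 8 + 64   /* buffer + saved return + some of the caller's frame */
};

/* Flat byte array standing in for the kernel stack frame, so the overwrite can be
 * observed deterministically instead of crashing this program. */
typedef struct { uint8_t bytes[FRAME_SZ]; } frame_t;

static const uint64_t SAVED_RET = 0xffffffff80abcdefULL;  /* constructed placeholder address */

static void frame_init(frame_t *f) {
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + RET_OFF, &SAVED_RET, sizeof SAVED_RET);
}

uint64_t frame_ret(const frame_t *f) {
    uint64_t r;
    memcpy(&r, f->bytes + RET_OFF, sizeof r);
    return r;
}

/* Decode an XDR opaque (4-byte big-endian length, then payload), the encoding an RPC
 * credential body arrives in. Only checks that the length fits the received message. */
static int xdr_opaque(const uint8_t *msg, size_t msg_len, const uint8_t **body, size_t *body_len) {
    if (msg_len < 4) return -1;
    uint32_t n = (uint32_t)msg[0] << 24 | (uint32_t)msg[1] << 16 | (uint32_t)msg[2] << 8 | msg[3];
    if (n > msg_len - 4) return -1;
    *body = msg + 4;
    *body_len = n;
    return 0;
}

/* Vulnerable shape: the peer-supplied length is trusted, so a credential longer than FREE
 * bytes runs off the end of the buffer and over the saved return address. The FRAME_SZ
 * cap only keeps this simulation inside its own array; it is not the missing check. */
int cred_copy_vulnerable(frame_t *f, const uint8_t *msg, size_t msg_len) {
    const uint8_t *body; size_t n;
    if (xdr_opaque(msg, msg_len, &body, &n) != 0) return -1;
    if (n > FRAME_SZ - PREFIX) n = FRAME_SZ - PREFIX;
    memcpy(f->bytes + PREFIX, body, n);
    return 0;
}

/* Hardened shape: the one-line bounds check against the space actually left. */
int cred_copy_hardened(frame_t *f, const uint8_t *msg, size_t msg_len) {
    const uint8_t *body; size_t n;
    if (xdr_opaque(msg, msg_len, &body, &n) != 0) return -1;
    if (n > FREE) return -1;
    memcpy(f->bytes + PREFIX, body, n);
    return 0;
}

/* Constructed credential: XDR length prefix, 'A' filler, and an 8-byte tail placed so that
 * a body of exactly FREE + 8 bytes lands the tail on the saved return address. */
size_t build_cred(uint8_t *out, size_t cap, size_t n, uint64_t tail) {
    if (n < 8 || n + 4 > cap) return 0;
    out[0] = (uint8_t)(n >> 24); out[1] = (uint8_t)(n >> 16);
    out[2] = (uint8_t)(n >> 8);  out[3] = (uint8_t)n;
    memset(out + 4, 'A', n - 8);
    memcpy(out + 4 + (n - 8), &tail, sizeof tail);
    return n + 4;
}

/* Run one credential through either copy routine; returns the saved return address
 * afterwards, or 0 if the credential was rejected. */
uint64_t ret_after_copy(int hardened, size_t cred_len) {
    uint8_t msg[FRAME_SZ + 4];
    frame_t f;
    frame_init(&f);
    size_t m = build_cred(msg, sizeof msg, cred_len, 0x4141414141414141ULL);
    if (m == 0) return 0;
    int rc = hardened ? cred_copy_hardened(&f, msg, m) : cred_copy_vulnerable(&f, msg, m);
    return rc == 0 ? frame_ret(&f) : 0;
}

int main(void) {
    printf("vulnerable, 96-byte cred : ret=%#llx\n", (unsigned long long)ret_after_copy(0, FREE));
    printf("vulnerable, 104-byte cred: ret=%#llx\n", (unsigned long long)ret_after_copy(0, FREE + 8));
    printf("hardened,   104-byte cred: ret=%#llx (0 = rejected)\n", (unsigned long long)ret_after_copy(1, FREE + 8));
    return 0;
}
```

A 96-byte credential leaves the modelled return address intact under both routines; a 104-byte credential replaces it with 0x4141414141414141 under the vulnerable copy and is rejected outright by the hardened one. The XDR decoder's own check (length must fit the received message) is deliberately not enough: the length must also be compared against the destination buffer, which is the check the patch adds.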
Editorial Opinion
This disclosure raises important questions about the dual-use nature of advanced AI systems in cybersecurity. Claude's ability to find and exploit a critical kernel vulnerability shows how capable modern LLMs have become, but it also underscores the urgent need for proactive security auditing of widely used systems. The simplicity of the flaw, a missing bounds check on an attacker-controlled length, suggests that systematic AI-assisted code review could become a powerful defensive tool, provided the results are responsibly disclosed and patched before they are weaponized.