Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
The AI-generated exploit achieves a remote kernel root shell via a buffer overflow vulnerability reachable through the NFS server.
Anthropic's Claude AI has demonstrated advanced cybersecurity capabilities by autonomously writing a complete remote kernel exploit for FreeBSD's critical CVE-2026-4747 vulnerability. The exploit targets a stack buffer overflow in the kgssapi.ko kernel module's RPCSEC_GSS authentication validation function, specifically in svc_rpc_gss_validate(). The vulnerability occurs when the function copies credential data into a 128-byte stack buffer without proper bounds checking, allowing attackers to overflow saved registers and control the return address.
The exploit achieves full remote kernel code execution (RCE) with root privileges (uid 0) through FreeBSD's NFS server on port 2049/TCP. The attack requires the kgssapi.ko module to be loaded and uses RPCSEC_GSS authentication with Kerberos. The vulnerability affects FreeBSD 13.5 (before p11), 14.3 (before p10), 14.4 (before p1), and 15.0 (before p5). The patches add a simple bounds check that prevents the overflow.
Security researchers tested the exploit on FreeBSD 14.4-RELEASE amd64 with the GENERIC kernel (no KASLR). The overflow geometry analysis shows that credential bodies larger than 96 bytes overwrite saved registers starting at byte 120, with the return address controlled at byte 200. This represents a significant advancement in AI's ability to understand complex memory corruption vulnerabilities and generate working exploits.
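The bounds check described above can be modeled in user-space C. The following is an added example, not FreeBSD's code or the actual patch: the function names are hypothetical, and the 32-byte fixed header is an assumption inferred from the article's figures (a 128-byte buffer that overflows once the credential body exceeds 96 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_BUF_LEN   128u /* stack buffer size given in the article */
#define HDR_FIXED_LEN  32u /* assumption: 128 - 96, from the article's threshold */
#define MAX_CRED_LEN  (HDR_BUF_LEN - HDR_FIXED_LEN)

/* Hypothetical helper: lay out fixed header fields, then the credential body.
 * Returns bytes written, or -1 if the wire-supplied length cannot fit. */
int build_header(uint8_t out[HDR_BUF_LEN],
                 const uint8_t fixed[HDR_FIXED_LEN],
                 const uint8_t *cred, size_t cred_len)
{
    /* Compare the untrusted length against a constant; never compute
     * HDR_FIXED_LEN + cred_len first, since that sum can wrap. */
    if (cred_len > MAX_CRED_LEN)
        return -1;
    memcpy(out, fixed, HDR_FIXED_LEN);
    if (cred_len != 0)
        memcpy(out + HDR_FIXED_LEN, cred, cred_len);
    return (int)(HDR_FIXED_LEN + cred_len);
}

/* Constructed test driver: a canary placed after the buffer shows that no
 * accepted or rejected length writes past it. Returns -2 if it changed. */
int try_cred_len(size_t cred_len)
{
    static const uint8_t sample[256] = {0};   /* constructed credential bytes */
    static const uint8_t expect[8] = {0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5};
    const uint8_t fixed[HDR_FIXED_LEN] = {0};
    struct { uint8_t buf[HDR_BUF_LEN]; uint8_t canary[8]; } frame;
    int n;

    memset(frame.canary, 0xA5, sizeof frame.canary);
    n = build_header(frame.buf, fixed, sample, cred_len);
    if (memcmp(frame.canary, expect, sizeof expect) != 0)
        return -2;
    return n;
}

int main(void)
{
    const size_t lens[] = {0, 96, 97, 200, (size_t)-1};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("cred_len=%zu -> %d\n", lens[i], try_cred_len(lens[i]));
    return 0;
}
```

The length is rejected before any copy takes place, so an oversized credential never touches the buffer or the memory after it.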
- Claude AI autonomously wrote a complete remote kernel exploit achieving root shell access
- Targets CVE-2026-4747: stack buffer overflow in FreeBSD's kgssapi.ko RPCSEC_GSS validation
- Affects FreeBSD 13.5-15.0 via NFS servers on port 2049/TCP with kgssapi.ko loaded
Why It Matters
Demonstrates AI's growing capability to autonomously discover and weaponize critical security vulnerabilities at scale.