PT-2026-28219 · Freebsd+1 · Freebsd+2

Nicholas Carlini

·

Published

2026-03-26

·

Updated

2026-06-06

·

CVE-2026-4747

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)
Description A stack overflow exists in the kgssapi.ko kernel module and the librpcgss sec library during the validation of RPCSEC GSS data packets. The routine responsible for checking the packet signature copies a portion of the packet into a stack buffer without verifying if the buffer is sufficiently large. This flaw allows a malicious client to trigger a stack overflow without prior authentication.
In the kernel, this can lead to remote code execution if an authenticated user sends packets to the kernel's NFS server while kgssapi.ko is loaded. In userspace, any application that runs an RPC server and has librpcgss sec loaded is vulnerable to remote code execution from any client capable of sending packets.
Recommendations As a temporary workaround, consider restricting access to the kernel's NFS server or avoiding the use of the kgssapi.ko module until a patch is applied. Restrict the use of the librpcgss sec library in userspace RPC applications to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

DoS

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-04973
CVE-2026-4747

Affected Products

Freebsd
Kgssapi.Ko
Librpcgss Sec