PT-2026-28219 · Freebsd+1 · Freebsd+2
Nicholas Carlini · Published 2026-03-26 · Updated 2026-05-16 · CVE-2026-4747
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FreeBSD (affected versions not specified)
Description
A stack overflow exists in the RPCSEC_GSS implementation within the kgssapi.ko kernel module and the librpcgss_sec userspace library. The issue occurs during the validation of RPCSEC_GSS data packets, where a routine checks a packet signature and copies a portion of the packet into a stack buffer without verifying if the buffer is sufficiently large. This flaw can be triggered by a malicious client and does not require prior authentication.
In the kernel, remote code execution is possible for an authenticated user capable of sending packets to the kernel's NFS server while kgssapi.ko is loaded. In userspace, any application that runs an RPC server and has librpcgss_sec loaded is vulnerable to remote code execution from any client capable of sending packets.
Recommendations
As a temporary workaround, restrict access to the kernel's NFS server or avoid loading the kgssapi.ko module to minimize the risk of kernel-level exploitation.
Restrict the use of the librpcgss_sec library in userspace RPC servers until a fix is applied.
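The bug class named in the Description (a packet-supplied length used to copy into a fixed-size stack buffer) is shown below beside its bounds-checked form. This is an added, simplified illustration and not FreeBSD's code: the function names, the 128-byte buffer size and the stubbed signature check are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical size of the on-stack scratch buffer (not FreeBSD's value). */
#define HDR_BUF_MAX 128

/* Hypothetical stand-in for the signature check; it accepts everything so
 * that the example isolates the length handling. */
static int verify_mic(const uint8_t *data, size_t len)
{
    (void)data;
    (void)len;
    return 1;
}

/* Unchecked pattern: hdr_len is taken from the packet and trusted, so the
 * copy writes past buf whenever hdr_len > HDR_BUF_MAX. */
int validate_unchecked(const uint8_t *pkt, size_t pkt_len, size_t hdr_len)
{
    uint8_t buf[HDR_BUF_MAX];

    (void)pkt_len;
    memcpy(buf, pkt, hdr_len);              /* no bound on hdr_len */
    return verify_mic(buf, hdr_len) ? 0 : -1;
}

/* Checked pattern: reject the packet before any copy if the claimed length
 * exceeds either the received data or the destination buffer. */
int validate_checked(const uint8_t *pkt, size_t pkt_len, size_t hdr_len)
{
    uint8_t buf[HDR_BUF_MAX];

    if (pkt == NULL || hdr_len > pkt_len)   /* claims more than was received */
        return -1;
    if (hdr_len > sizeof(buf))              /* would not fit the stack buffer */
        return -1;

    memcpy(buf, pkt, hdr_len);
    return verify_mic(buf, hdr_len) ? 0 : -1;
}
```

The two rejections are separate on purpose: the first guards the read from the packet, the second guards the write to the stack buffer.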
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
DoS
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Kgssapi.Ko
Librpcgss Sec