CVE-2026-4747

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to patchday March 26, 2026

Description The vulnerability is a stack buffer overflow in the kgssapi.ko kernel module, specifically within the svc rpc function. This flaw allows for remote code execution in the kernel, potentially granting a root shell on affected systems. The issue arises from a failure to ensure sufficient buffer size when copying data from RPCSEC GSS packets. A malicious client can trigger this overflow without authentication. The vulnerability was discovered and exploited by an AI model (Claude) within a short timeframe, demonstrating a significant reduction in the time between vulnerability disclosure and weaponization. The fix involves adding a bounds check to the vulnerable buffer.

Recommendations Update to a version with the fix included in the March 26, 2026 patchday.