Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) (github.com)

The GitHub write-up describes CVE-2026-4747 as a stack buffer overflow in FreeBSD’s kgssapi.ko RPCSEC_GSS validation code, reachable via an NFS server handling Kerberos-authenticated RPCSEC_GSS traffic. It explains how a missing bounds check on the credential length lets attackers overwrite the stack and achieve remote code execution to a root reverse shell, then outlines the kernel fix added in FreeBSD 14.4-RELEASE-p1. The document also covers practical testing setup requirements (including using a Kerberos KDC and NFS on port 2049).