LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-4747

CVE-2026-4747 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 26, 2026

FreeBSD kgssapi.ko & librpcgss_sec - Remote Code Execution

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

FreeBSD kgssapi.ko and librpcgss_sec contain a stack buffer overflow caused by improper validation of RPCSEC_GSS data packet signatures, letting remote attackers execute code without authentication, exploit requires network access to vulnerable RPC server.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 9.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code in kernel or userspace, potentially leading to full system compromise.

Mitigation

Update to the latest FreeBSD version with patched kgssapi.ko and librpcgss_sec modules.

References

Social Media Activity(2 posts)

Graham Perrin
Graham Perrin
@grahamperrin
May 2, 2026

It's fair to say that <https://nitter.net/cperciva/status/2049591719143059860>, a few hours before Gary's video, was not bullshit: " In April, FreeBSD issued eight security advisories. Six of them were for issues found by AI." Colin Percival quotes his own post from March 2026: "… LLMs are producing lots of slop, but they're also finding a heck of a lot of real vulnerabilities." @seuros if you disagree with CWE-121 – the Common Weakness Enumeration (CWE™) for CVE-2026-4747 – you might contact MITRE – <https://www.cve.org/CVERecord?id=CVE-2026-4747>. Cc @garyhtech @[email protected] @[email protected] (automated) #AI #FreeBSD #vulnerability #Anthropic #Claude #Mythos #security #infosec

View original post
Graham Perrin
Graham Perrin
@grahamperrin
May 2, 2026

It's fair to say that <https://nitter.net/cperciva/status/2049591719143059860>, a few hours before Gary's video, was not bullshit: " In April, FreeBSD issued eight security advisories. Six of them were for issues found by AI." Colin Percival quotes his own post from March 2026: "… LLMs are producing lots of slop, but they're also finding a heck of a lot of real vulnerabilities." @seuros if you disagree with CWE-121 – the Common Weakness Enumeration (CWE™) for CVE-2026-4747 – you might contact MITRE – <https://www.cve.org/CVERecord?id=CVE-2026-4747>. Cc @garyhtech @[email protected] @[email protected] (automated) #AI #FreeBSD #vulnerability #Anthropic #Claude #Mythos #security #infosec

View original post

GitHub Repositories(2 repos)

Related Resources

Details

CVE ID
CVE-2026-4747
Severity
High
CVSS Score
8.8
Type
buffer_overflow
Status
unconfirmed
EPSS
9.1%
Social Posts
2

CWE

  • CWE-121

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

9.1%Probability of exploitation in the next 30 days