Anthropic's Claude AI has reportedly discovered and exploited CVE-2026-4747, a remote code execution vulnerability in FreeBSD's kernel, marking what researchers claim is the first kernel exploit both discovered and exploited entirely by artificial intelligence. The vulnerability affects multiple FreeBSD versions and allows attackers with valid Kerberos tickets to achieve full remote kernel code execution as root.
Stack Buffer Overflow in FreeBSD Kernel GSS Authentication
CVE-2026-4747 is a stack buffer overflow in FreeBSD's kernel GSS authentication module (kgssapi.ko). The vulnerability exists in the svc_rpc_gss_validate() function, which reconstructs RPC headers into a 128-byte stack buffer without validating that the credential body fits within available space. After writing 32 bytes of fixed RPC header data, only 96 bytes remain in the buffer, yet the XDR layer permits credentials up to 400 bytes. Any credential exceeding 96 bytes overflows the stack buffer, corrupting local variables, saved registers, and ultimately the return address.
Affected versions include FreeBSD 13.5 (<p11), FreeBSD 14.3 (<p10), FreeBSD 14.4 (<p1), and FreeBSD 15.0 (<p5). An attacker can trigger this vulnerability by sending a specially crafted RPCSEC_GSS packet to port 2049/TCP.
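As an added illustration of the bug class described above (constructed for this article, not FreeBSD's svc_rpc_gss_validate() and not from the write-up), the C model below uses the article's numbers: a 128-byte buffer, 32 bytes of fixed header, and an XDR-supplied credential length of up to 400 bytes that the vulnerable pattern copies blindly and the hardened pattern checks first. All names (HDR_BUF_LEN, rebuild_hdr_unchecked, rebuild_hdr_checked, checked_accepts) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the arithmetic in the article; not FreeBSD's code. */
#define HDR_BUF_LEN   128  /* stack buffer that receives the rebuilt RPC header */
#define FIXED_HDR_LEN 32   /* fixed RPC header bytes written first */
#define XDR_MAX_CRED  400  /* largest credential body the XDR layer accepts */
#define CRED_SPACE    (HDR_BUF_LEN - FIXED_HDR_LEN)  /* the 96 bytes actually free */

struct rebuilt_hdr {
    uint8_t buf[HDR_BUF_LEN];
    size_t  len;
};

/* Vulnerable pattern: trusts the XDR-decoded length, which may be up to 400. */
void rebuild_hdr_unchecked(struct rebuilt_hdr *h, const uint8_t *cred, size_t cred_len)
{
    memset(h->buf, 0xAA, FIXED_HDR_LEN);            /* stands in for fixed header fields */
    memcpy(h->buf + FIXED_HDR_LEN, cred, cred_len); /* writes past buf when cred_len > 96 */
    h->len = FIXED_HDR_LEN + cred_len;
}

/* Hardened pattern: verify the body fits before touching the buffer; caller fails the call. */
bool rebuild_hdr_checked(struct rebuilt_hdr *h, const uint8_t *cred, size_t cred_len)
{
    if (cred == NULL || cred_len > CRED_SPACE)
        return false;
    memset(h->buf, 0xAA, FIXED_HDR_LEN);
    memcpy(h->buf + FIXED_HDR_LEN, cred, cred_len);
    h->len = FIXED_HDR_LEN + cred_len;
    return true;
}

/* Bytes a credential of this size would write beyond the end of the stack buffer. */
size_t overflow_bytes(size_t cred_len)
{
    return cred_len > CRED_SPACE ? cred_len - CRED_SPACE : 0;
}

/* Constructed driver: a credential of n filler bytes through the checked path. */
bool checked_accepts(size_t n, size_t *out_len)
{
    uint8_t cred[XDR_MAX_CRED];
    struct rebuilt_hdr h;
    memset(cred, 0x41, sizeof cred);
    if (n > sizeof cred || !rebuild_hdr_checked(&h, cred, n))
        return false;
    if (out_len)
        *out_len = h.len;
    return true;
}
```

The checked variant is the shape of fix a reviewer would look for in the patched kernels: reject the credential before any copy, rather than clamping after the fact.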
Sophisticated 15-Round Exploit Chain
The AI-generated exploit employs a sophisticated 15-round attack pattern. Round 1 uses ROP gadgets to make kernel BSS memory executable. Rounds 2-14 incrementally write shellcode—432 bytes total—across multiple packets. Round 15 writes the final shellcode chunk and jumps to execute it. Each round kills one NFS worker thread via kthread_exit(), requiring at least 16 worker threads (2+ CPUs) to complete successfully.
The 400-byte limit on the credential body restricts each round to approximately 200 bytes of ROP chain, which the exploit overcomes by chaining multiple rounds together. According to MAD Bugs' technical write-up: "To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI."
Implications for AI-Assisted Security Research
The discovery demonstrates how AI coding assistants like Claude can identify complex security flaws in kernel-level code that involve subtle interactions between protocol layers, buffer management, and authentication systems. The vulnerability required understanding of multiple technical domains: FreeBSD kernel architecture, RPC protocol specifications, stack memory layout, and ROP chain construction.
While AI-assisted vulnerability discovery could help secure critical infrastructure by identifying flaws faster than traditional methods, it also raises concerns that malicious actors could leverage AI to find and exploit zero-day vulnerabilities at scale. The capability represents a significant milestone in AI's ability to perform complex security research tasks that previously required expert-level human knowledge.
Key Takeaways
- Claude AI discovered and exploited CVE-2026-4747, a remote kernel code execution vulnerability in FreeBSD's GSS authentication module
- The vulnerability affects FreeBSD versions 13.5, 14.3, 14.4, and 15.0, allowing remote attackers with Kerberos tickets to achieve root-level kernel execution
- The exploit uses a 15-round attack pattern to bypass stack buffer limitations, writing 432 bytes of shellcode across multiple NFS packets
- This marks the first publicly documented case of an AI system independently discovering and exploiting a kernel-level vulnerability
- The discovery raises questions about both offensive and defensive applications of AI in security research