Home / Vulnerability Intelligence / CVE-2026-4747

CVE-2026-4747 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 26, 2026

FreeBSD kgssapi.ko & librpcgss_sec - Remote Code Execution

Published: March 26, 2026Updated: March 26, 2026Remote Exploitable

Overview

FreeBSD kgssapi.ko and librpcgss_sec contain a stack buffer overflow caused by improper validation of RPCSEC_GSS data packet signatures, letting remote attackers execute code without authentication, exploit requires network access to vulnerable RPC server.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 18.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code in kernel or userspace, potentially leading to full system compromise.

Mitigation

Update to the latest FreeBSD version with patched kgssapi.ko and librpcgss_sec modules.

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc

Social Media Activity(1 post)

Graham Perrin

@grahamperrin

Apr 5, 2026

CVE-2026-4747 Re what's quoted in the opening post at <https://forums.freebsd.org/threads/102251/>, please note that Nicholas Carlini has not yet made a public statement about findings. (I should not treat notebookcheck.net as an authoritative source on this matter.) #FreeBSD #security

View original post

Related Resources

Details

CVE ID: CVE-2026-4747
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: unconfirmed
EPSS: 18.0%
Social Posts: 1

CWE

CWE-121

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

18.0%Probability of exploitation in the next 30 days