17 years
the CVE-2026-4747 FreeBSD NFS flaw existed before Claude Mythos discovered it
FreeBSD 10.x-14.x
all versions affected by the unauthenticated NFS client RCE
1 session
for Mythos to identify root cause and validate working proof-of-concept exploit
9.8
estimated CVSS score reflecting unauthenticated network-accessible remote code execution to root

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

CVE-2026-4747 is a critical memory corruption vulnerability in the FreeBSD NFS client that existed undetected for 17 years before Claude Mythos identified it during Project Glasswing. The flaw allows any unauthenticated attacker with network access to achieve remote code execution as root on affected FreeBSD systems. With a CVSS score of 9.8, this is a patch-now situation.

The vulnerability affects every FreeBSD version from 10.x through 14.x. FreeBSD powers a significant share of production network appliances, NAS devices, and server infrastructure, including TrueNAS, pfSense, and OPNsense deployments. The NFS protocol is often enabled by default in storage-focused configurations, meaning the attack surface is broader than most administrators realize.

This post covers exactly what the vulnerability is, who is affected, how to patch and verify, and what the discovery tells us about the state of AI-powered vulnerability research.

What CVE-2026-4747 Is and Why It Survived 17 Years

CVE-2026-4747 is a memory corruption flaw in how the FreeBSD NFS client handles server responses during mount negotiation. This code path has been present in FreeBSD since approximately 2009. During the negotiation sequence, the NFS client processes server-supplied data in a way that allows an attacker-controlled server response to corrupt kernel memory, ultimately enabling arbitrary code execution in ring 0 context with root privileges.

The vulnerability requires no credentials. Any host that can reach an affected FreeBSD system over the network can trigger the flaw by sending a malformed response during the NFS mount protocol handshake. The attacker does not need an existing account on the target, knowledge of any credentials, or prior access to the system.

Seventeen-year-old bugs survive for predictable reasons. The NFS client protocol negotiation path is a rarely-audited subsystem. Code reviewers and penetration testers tend to focus on recently modified code, input validation boundaries, and high-traffic code paths. The NFS mount negotiation sequence is exercised only during mount operations, which limits how often it appears in dynamic analysis or fuzzing coverage. The triggering condition requires a specific sequence of server responses across multiple protocol states, making it resistant to surface-level fuzz testing that does not model full protocol state machines. Human auditors working under time and scope constraints made rational prioritization decisions that collectively left this code path unreviewed for over a decade.

Who Is Affected

Any FreeBSD host with NFS client functionality enabled is potentially vulnerable. The range is broader than most teams initially assume because NFS client support is compiled into the FreeBSD kernel by default and is enabled in many standard configurations.

High-risk deployment categories include FreeBSD-based NAS appliances such as FreeNAS and TrueNAS, where NFS is a primary storage protocol and often enabled by default. FreeBSD-based network appliances including pfSense and OPNsense run the affected kernel and may be vulnerable depending on configuration. FreeBSD servers in high-performance computing environments and academic data centers frequently mount shared NFS storage. FreeBSD jail-based hosting infrastructure may use NFS for shared storage between the host and jail environments.

To check whether NFS is active on a given system, run mount | grep nfs to identify currently mounted NFS shares and nfsstat -s to verify active NFS service state. Review /etc/rc.conf for nfsclient_enable entries to understand whether the NFS client starts at boot. Prioritize patching any system where NFS is confirmed active and network-accessible from untrusted hosts.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

Patching and Verification

The authoritative fix is documented in the FreeBSD Security Advisory for CVE-2026-4747, published at security.freebsd.org. Apply the patch immediately using the standard FreeBSD patch mechanisms. For binary installations, freebsd-update fetch followed by freebsd-update install is the standard path. For systems built from source, apply the patches listed in the advisory and recompile the kernel.

For systems that cannot be immediately patched due to operational constraints, disable the NFS client service entirely: run service nfsclient stop to stop the running service and sysrc nfsclient_enable=NO to prevent it from starting at boot. If NFS functionality is required and cannot be disabled, apply network-level access controls at your perimeter and at the host firewall level to block NFS traffic on ports 111/TCP, 111/UDP, 2049/TCP, and 2049/UDP. Restricting NFS access to known, trusted NFS server addresses reduces exposure but does not eliminate it if any trusted server is compromised.

Verify the patch is applied by running freebsd-version -k to check the kernel version and comparing the output against the patched version string specified in the security advisory. Do not rely on uname output alone, as it may not reflect applied patches correctly in all configurations.

Why Claude Mythos Found It When Human Auditors Did Not

Claude Mythos did not find CVE-2026-4747 because it is smarter than human security researchers. It found it because it performs systematic, exhaustive analysis of code paths that humans reasonably deprioritize under time and scope constraints. Mythos traced a subtle memory management flaw through the NFS client state machine by generating and testing hypotheses for every code path, including the low-probability, rarely-exercised paths that human auditors skip.

The specific mechanism: Mythos analyzed the complete call graph of the NFS client implementation, including code paths that have not been meaningfully modified in years. It modeled the protocol state machine across multiple message exchanges and identified the specific sequence of server responses required to trigger the memory corruption. This kind of whole-codebase, whole-history analysis is computationally tractable for an AI system but practically infeasible for a human auditor working on a bounded engagement.

This is the core operational implication of Project Glasswing. The bugs that survive longest are not the ones that are hardest to understand once identified. They are the ones that exist in code paths no one thought to look at. AI-powered vulnerability research removes that assumption. Your exposure is no longer bounded by which subsystems received recent human attention. Defenders need to incorporate AI-assisted code analysis into their vulnerability management workflows, because adversaries are already testing these tools offensively. Review the free Mythos Brief at /mythos-brief for a practitioner-focused breakdown of what AI-found vulnerabilities mean for your patch and detection programs.

The bottom line

CVE-2026-4747 is a 9.8-severity, unauthenticated remote root vulnerability that existed for 17 years in FreeBSD's NFS client before AI-powered research surfaced it. If you run FreeBSD 10.x through 14.x with NFS enabled, patch immediately using the FreeBSD Security Advisory guidance. If immediate patching is not possible, disable the NFS client or apply network-level port restrictions as compensating controls. The discovery underscores a broader shift: AI systems are now finding vulnerabilities in code paths that have evaded human review for decades. For a practitioner-focused briefing on what Claude Mythos means for your vulnerability program and how to adapt your patch prioritization, get the free Mythos Brief at /mythos-brief.

This analysis is generic — the platform version scores threats like this against your own stack.

Frequently asked questions

Is CVE-2026-4747 patched in all FreeBSD versions?

A patch is available via the FreeBSD Security Advisory for CVE-2026-4747. The advisory covers FreeBSD 10.x through 14.x. Apply the patch immediately using freebsd-update or by compiling from patched source. Verify your kernel version with `freebsd-version -k` and compare against the advisory's fixed version string.

Does CVE-2026-4747 affect pfSense and OPNsense?

pfSense and OPNsense are built on FreeBSD and may be affected if their underlying FreeBSD version falls within the 10.x-14.x range. Check whether NFS client functionality is enabled in your appliance configuration. Consult the pfSense and OPNsense security advisories for vendor-specific patch guidance.

Does CVE-2026-4747 affect TrueNAS?

TrueNAS CORE is built on FreeBSD and is potentially affected. TrueNAS deployments frequently have NFS enabled by default as a core storage protocol. Apply patches from the FreeBSD project and monitor TrueNAS's own security advisory channel for a platform-specific update.

How do I check if NFS is running on my FreeBSD system?

Run `mount | grep nfs` to see any mounted NFS shares and `nfsstat -s` to verify active NFS services. You can also check `service nfsclient status` and review `/etc/rc.conf` for `nfsclient_enable` to confirm whether the NFS client starts at boot.

Can I mitigate CVE-2026-4747 without patching immediately?

If immediate patching is not operationally possible, disable the NFS client with `service nfsclient stop; sysrc nfsclient_enable=NO`. Apply network-level controls at your perimeter to block NFS traffic on ports 111/TCP, 111/UDP, 2049/TCP, and 2049/UDP. These are compensating controls only. Patching remains mandatory.

Was CVE-2026-4747 exploited in the wild before the patch?

There is no confirmed evidence of in-the-wild exploitation of CVE-2026-4747 prior to the patch. Claude Mythos discovered this vulnerability through Project Glasswing's proactive vulnerability research program. However, given the severity and network accessibility of the flaw, patch urgently and treat any NFS-related anomalies as suspicious.

Sources & references

  1. FreeBSD Security Advisory, CVE-2026-4747
  2. Assessing Claude Mythos Preview cybersecurity capabilities, Anthropic
  3. Project Glasswing: Securing critical software, Anthropic
  4. Tracking CVEs Attributed to Anthropic Researchers and Project Glasswing, VulnCheck
  5. The Hacker News: Anthropics Claude Mythos Finds Thousands of Zero-Day Flaws

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.