CVE-2026-4747 FreeBSD NFS RCE: 17-Year-Old Bug Patch Guide

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
CVE-2026-4747 is a critical memory corruption vulnerability in the FreeBSD NFS client that existed undetected for 17 years before Claude Mythos identified it during Project Glasswing. The flaw allows any unauthenticated attacker with network access to achieve remote code execution as root on affected FreeBSD systems. With a CVSS score of 9.8, this is a patch-now situation.
The vulnerability affects every FreeBSD version from 10.x through 14.x. FreeBSD powers a significant share of production network appliances, NAS devices, and server infrastructure, including TrueNAS, pfSense, and OPNsense deployments. The NFS protocol is often enabled by default in storage-focused configurations, meaning the attack surface is broader than most administrators realize.
This post covers exactly what the vulnerability is, who is affected, how to patch and verify, and what the discovery tells us about the state of AI-powered vulnerability research.
What CVE-2026-4747 Is and Why It Survived 17 Years
CVE-2026-4747 is a memory corruption flaw in how the FreeBSD NFS client handles server responses during mount negotiation. This code path has been present in FreeBSD since approximately 2009. During the negotiation sequence, the NFS client processes server-supplied data in a way that allows an attacker-controlled server response to corrupt kernel memory, ultimately enabling arbitrary code execution in ring 0 context with root privileges.
The vulnerability requires no credentials. Any host that can reach an affected FreeBSD system over the network can trigger the flaw by sending a malformed response during the NFS mount protocol handshake. The attacker does not need an existing account on the target, knowledge of any credentials, or prior access to the system.
Seventeen-year-old bugs survive for predictable reasons. The NFS client protocol negotiation path is a rarely-audited subsystem. Code reviewers and penetration testers tend to focus on recently modified code, input validation boundaries, and high-traffic code paths. The NFS mount negotiation sequence is exercised only during mount operations, which limits how often it appears in dynamic analysis or fuzzing coverage. The triggering condition requires a specific sequence of server responses across multiple protocol states, making it resistant to surface-level fuzz testing that does not model full protocol state machines. Human auditors working under time and scope constraints made rational prioritization decisions that collectively left this code path unreviewed for over a decade.
Who Is Affected
Any FreeBSD host with NFS client functionality enabled is potentially vulnerable. The range is broader than most teams initially assume because NFS client support is compiled into the FreeBSD kernel by default and is enabled in many standard configurations.
High-risk deployment categories include FreeBSD-based NAS appliances such as FreeNAS and TrueNAS, where NFS is a primary storage protocol and often enabled by default. FreeBSD-based network appliances including pfSense and OPNsense run the affected kernel and may be vulnerable depending on configuration. FreeBSD servers in high-performance computing environments and academic data centers frequently mount shared NFS storage. FreeBSD jail-based hosting infrastructure may use NFS for shared storage between the host and jail environments.
To check whether NFS is active on a given system, run mount | grep nfs to identify currently mounted NFS shares and nfsstat -s to verify active NFS service state. Review /etc/rc.conf for nfsclient_enable entries to understand whether the NFS client starts at boot. Prioritize patching any system where NFS is confirmed active and network-accessible from untrusted hosts.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Patching and Verification
The authoritative fix is documented in the FreeBSD Security Advisory for CVE-2026-4747, published at security.freebsd.org. Apply the patch immediately using the standard FreeBSD patch mechanisms. For binary installations, freebsd-update fetch followed by freebsd-update install is the standard path. For systems built from source, apply the patches listed in the advisory and recompile the kernel.
For systems that cannot be immediately patched due to operational constraints, disable the NFS client service entirely: run service nfsclient stop to stop the running service and sysrc nfsclient_enable=NO to prevent it from starting at boot. If NFS functionality is required and cannot be disabled, apply network-level access controls at your perimeter and at the host firewall level to block NFS traffic on ports 111/TCP, 111/UDP, 2049/TCP, and 2049/UDP. Restricting NFS access to known, trusted NFS server addresses reduces exposure but does not eliminate it if any trusted server is compromised.
Verify the patch is applied by running freebsd-version -k to check the kernel version and comparing the output against the patched version string specified in the security advisory. Do not rely on uname output alone, as it may not reflect applied patches correctly in all configurations.
Why Claude Mythos Found It When Human Auditors Did Not
Claude Mythos did not find CVE-2026-4747 because it is smarter than human security researchers. It found it because it performs systematic, exhaustive analysis of code paths that humans reasonably deprioritize under time and scope constraints. Mythos traced a subtle memory management flaw through the NFS client state machine by generating and testing hypotheses for every code path, including the low-probability, rarely-exercised paths that human auditors skip.
The specific mechanism: Mythos analyzed the complete call graph of the NFS client implementation, including code paths that have not been meaningfully modified in years. It modeled the protocol state machine across multiple message exchanges and identified the specific sequence of server responses required to trigger the memory corruption. This kind of whole-codebase, whole-history analysis is computationally tractable for an AI system but practically infeasible for a human auditor working on a bounded engagement.
This is the core operational implication of Project Glasswing. The bugs that survive longest are not the ones that are hardest to understand once identified. They are the ones that exist in code paths no one thought to look at. AI-powered vulnerability research removes that assumption. Your exposure is no longer bounded by which subsystems received recent human attention. Defenders need to incorporate AI-assisted code analysis into their vulnerability management workflows, because adversaries are already testing these tools offensively. Review the free Mythos Brief at /mythos-brief for a practitioner-focused breakdown of what AI-found vulnerabilities mean for your patch and detection programs.
The bottom line
CVE-2026-4747 is a 9.8-severity, unauthenticated remote root vulnerability that existed for 17 years in FreeBSD's NFS client before AI-powered research surfaced it. If you run FreeBSD 10.x through 14.x with NFS enabled, patch immediately using the FreeBSD Security Advisory guidance. If immediate patching is not possible, disable the NFS client or apply network-level port restrictions as compensating controls. The discovery underscores a broader shift: AI systems are now finding vulnerabilities in code paths that have evaded human review for decades. For a practitioner-focused briefing on what Claude Mythos means for your vulnerability program and how to adapt your patch prioritization, get the free Mythos Brief at /mythos-brief.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
Is CVE-2026-4747 patched in all FreeBSD versions?
A patch is available via the FreeBSD Security Advisory for CVE-2026-4747. The advisory covers FreeBSD 10.x through 14.x. Apply the patch immediately using freebsd-update or by compiling from patched source. Verify your kernel version with `freebsd-version -k` and compare against the advisory's fixed version string.
Does CVE-2026-4747 affect pfSense and OPNsense?
pfSense and OPNsense are built on FreeBSD and may be affected if their underlying FreeBSD version falls within the 10.x-14.x range. Check whether NFS client functionality is enabled in your appliance configuration. Consult the pfSense and OPNsense security advisories for vendor-specific patch guidance.
Does CVE-2026-4747 affect TrueNAS?
TrueNAS CORE is built on FreeBSD and is potentially affected. TrueNAS deployments frequently have NFS enabled by default as a core storage protocol. Apply patches from the FreeBSD project and monitor TrueNAS's own security advisory channel for a platform-specific update.
How do I check if NFS is running on my FreeBSD system?
Run `mount | grep nfs` to see any mounted NFS shares and `nfsstat -s` to verify active NFS services. You can also check `service nfsclient status` and review `/etc/rc.conf` for `nfsclient_enable` to confirm whether the NFS client starts at boot.
Can I mitigate CVE-2026-4747 without patching immediately?
If immediate patching is not operationally possible, disable the NFS client with `service nfsclient stop; sysrc nfsclient_enable=NO`. Apply network-level controls at your perimeter to block NFS traffic on ports 111/TCP, 111/UDP, 2049/TCP, and 2049/UDP. These are compensating controls only. Patching remains mandatory.
Was CVE-2026-4747 exploited in the wild before the patch?
There is no confirmed evidence of in-the-wild exploitation of CVE-2026-4747 prior to the patch. Claude Mythos discovered this vulnerability through Project Glasswing's proactive vulnerability research program. However, given the severity and network accessibility of the flaw, patch urgently and treat any NFS-related anomalies as suspicious.
Sources & references
- FreeBSD Security Advisory, CVE-2026-4747
- Assessing Claude Mythos Preview cybersecurity capabilities, Anthropic
- Project Glasswing: Securing critical software, Anthropic
- Tracking CVEs Attributed to Anthropic Researchers and Project Glasswing, VulnCheck
- The Hacker News: Anthropics Claude Mythos Finds Thousands of Zero-Day Flaws
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
