Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
15 hours ago
- #FreeBSD Security
- #Remote Kernel RCE
- #AI Exploit Development
- Claude, an AI developed by Anthropic, discovered and exploited a remote kernel vulnerability in FreeBSD, CVE-2026-4747, marking the first remote kernel exploit both found and executed by AI.
- The exploit development took approximately 8 hours of wall-clock time, with about 4 hours of Claude's active work, resulting in two different working strategies to achieve a root shell.
- Claude successfully generated a remote kernel code execution exploit leveraging a stack overflow in the RPCSEC_GSS module, using ROP chains and a multi-packet shellcode delivery mechanism.
- The exploit involved setting up a vulnerable FreeBSD environment, relying on the lack of KASLR, and overcoming challenges such as multi-packet shellcode delivery and kernel-to-userland transitions.
- Claude demonstrated advanced exploit development skills, including debugging with De Bruijn patterns, handling thread exits, and managing hardware breakpoints to achieve a uid 0 reverse shell.