FreeBSD NFS RCE CVE-2026-4747

• Entity ID: ent-20260419-g1a0000000a3
• Type: issue
• Scope: shared
• Status: active
• Aliases: CVE-2026-4747, FreeBSD NFS 17-year RCE

Description

17-year-old remote code execution vulnerability in FreeBSD's NFS server, autonomously identified AND fully exploited by Claude Mythos Preview, including a 20-gadget ROP chain split across multiple packets without human involvement after the initial prompt. Grants unauthenticated root access.

Key claims

• Mythos autonomously built and executed 20-gadget ROP chain for FreeBSD NFS RCE

Relations

• FreeBSD NFS RCE CVE-2026-4747 --[derived_from]--> Claude Mythos Preview

Sources

src-20260409-28c9af66ed0c