What is the CVSS score of CVE-2026-4747?

CVE-2026-4747 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2026-4747?

Yes, a public proof-of-concept exploit is available for CVE-2026-4747. Prioritise patching immediately. EPSS: 0.1%.

CVE-2026-4747

EUVD-2026-16132 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-26 freebsd

GHSA-h63x-7924-m7qf

RCE Buffer Overflow Stack Overflow

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 20, 2026 - 13:57 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 20, 2026 - 13:52 vuln.today

cvss_changed

PoC Detected

Apr 01, 2026 - 15:23 vuln.today

Public exploit code

EUVD ID Assigned

Mar 26, 2026 - 07:00 euvd

EUVD-2026-16132

Analysis Generated

Mar 26, 2026 - 07:00 vuln.today

CVE Published

Mar 26, 2026 - 06:21 nvd

HIGH 8.8

DescriptionNVD

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first.

As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel.

In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.

AnalysisAI

Remote code execution in FreeBSD kernel's RPCSEC_GSS implementation (kgssapi.ko) and userspace RPC servers (librpcgss_sec) allows low-privileged authenticated attackers to execute arbitrary code via crafted network packets. Affects FreeBSD 13.5, 14.3, 14.4, and 15.0 branches. …

RemediationAI

Within 24 hours: inventory all FreeBSD systems running versions 13.5, 14.3, 14.4, or 15.0 and document which hosts expose RPC services (ports 111, 2049, or custom RPC endpoints) to untrusted networks. Within 7 days: implement network segmentation to restrict RPC service access to trusted subnets only; disable RPCSEC_GSS authentication where not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4747 vulnerability details – vuln.today

Back

CVE-2026-4747

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code