Vuln in FreeBSD NFS

yorick · April 8, 2026, 6:31am

Claude Mythos Preview is finding old vulns. Like this one.

“And it autonomously wrote a remote code execution exploit on FreeBSD’s NFS server that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain over multiple packets.”

That means CORE (and by extension zVault) may be cooked for any use case that involves NFS. While FreeBSD has patched this vuln, it has done so in 13.5 and above. CORE is on 13.0 (mostly) and 13.3 (vanishingly few) and EOL; and the zVault devs are taking an extended break with no sign of coming back, and have not upgraded zVault to 13.5.

The fix could be back-ported to 13.0 / 13.3 no doubt: But I do doubt that CORE is sufficiently important still that it will be.

https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc

SmallBarky · April 8, 2026, 8:26pm

Enterprise Core has paying supporters. If you have concerns and are on Enterprise Core, I would contact TrueNAS support for information.

Topic		Replies	Views
Major security advisory in OpenSSH on FreeBSD: FreeBSD-SA-24:04.openssh TrueNAS General CORE , Security	7	374	July 3, 2024
TrueNAS CORE 13.0-U6.2 is Now Available! Announcements	39	4964	February 5, 2025
RegreSSHion: ssh vulnerability TrueNAS General Security	4	545	July 3, 2024
NFS dies and stops responding TrueNAS General	5	439	May 1, 2024
Upgraded from 12.0-U8.1 -> 13.0-U6.1 datasets show empty TrueNAS General CORE	8	167	April 25, 2024

Vuln in FreeBSD NFS

Related topics