Anthropic Claude Mythos Under Security Scrutiny: CVE-2026-4747 ROP Chain, OpenBSD SACK Overflow, and Linux Root Exploit Claims Under Review

Security researchers are examining a series of technical claims regarding Anthropic's Claude Mythos system, including alleged vulnerability chains that could enable privilege escalation across multiple operating systems. The claims center on CVE-2026-4747, reportedly associated with a return-oriented programming (ROP) chain, alongside allegations involving an OpenBSD SACK integer overflow and a Linux 1-bit out-of-bounds write enabling root-level access.

The technical analysis, surfaced through the cybersecurity research community, reportedly includes reproductions documented by researchers identifying themselves as AISLE. These reproductions aim to demonstrate the feasibility of the described exploit paths, though independent verification remains limited at this stage. The vulnerabilities span distinct operating system targets—OpenBSD and Linux—raising questions about the breadth of any potential attack surface if the claims prove substantive.

The disclosure highlights growing scrutiny of large language model deployments and their interaction with underlying system infrastructure. Researchers caution that claims require thorough peer review before any conclusions can be drawn about severity or applicability. The emergence of CVE-2026-4747 in this context signals potential incoming attention from vulnerability analysts, patch management teams, and organizations running affected configurations. Whether these represent confirmed architectural weaknesses, theoretical attack vectors, or misattributed findings will depend on forthcoming technical assessment and response from Anthropic.