Reverse engineering Claude's CVE-2026-2796 exploit
Summary
Anthropic's Claude Opus 4.6 successfully wrote a browser exploit for CVE-2026-2796 in Firefox, a JIT miscompilation vulnerability in the JavaScript WebAssembly component. This achievement, detailed in a March 6, 2026 update, marks the first observed instance of an LLM autonomously developing a functional browser exploit with minimal human intervention. The exploit targeted a stripped-down js shell in a testing environment, demonstrating file read and write access by bypassing security invariants. While Opus 4.6 succeeded in only two out of hundreds of attempts and did not create "full-chain" exploits, its ability to translate a type confusion bug into `addrof`, `fakeobj`, and `read64`/`write64` primitives using WebAssembly GC `struct` types signals a significant advancement in LLM cyber capabilities. Earlier models like Opus 4.1 and 4.5, Sonnet 4.5 and 4.6, and Haiku 4.5 failed to replicate this success.
Key takeaway
For security architects and engineering leaders evaluating emerging threats, Claude Opus 4.6's ability to autonomously generate a browser exploit for a real-world vulnerability underscores a critical shift in the cyber threat landscape. Redouble efforts to secure code and implement robust defensive measures, as LLM-assisted attackers will likely accelerate exploit development. Consider integrating LLM-powered tools into your defensive strategies to identify vulnerabilities and triage bug reports more efficiently.
Key insights
Claude Opus 4.6 demonstrated autonomous browser exploit generation, signaling advancing LLM cyber capabilities.
Principles
- LLMs can translate type confusion into exploit primitives.
- WasmGC struct types enable memory read/write primitives.
- Exploit development can be decomposed into primitive chains.
Method
Claude decomposed code execution into `addrof`/`fakeobj` primitives, then used WasmGC `struct.get`/`struct.set` for arbitrary read/write, and finally corrupted an ArrayBuffer to achieve code execution.
In practice
- Use `addrof` to leak object addresses as integers.
- Employ `fakeobj` to forge JS object references.
- Corrupt ArrayBuffer backing store pointers for arbitrary R/W.
Topics
- LLM Exploit Generation
- WebAssembly Security
- Type Confusion Exploits
- JIT Miscompilation
- Arbitrary Read/Write
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, Software Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic Frontier Red Team Blog.