Reverse engineering Claude's CVE-2026-2796 exploit
… With info leak, I can build arbitrary read/write. 4. With arbitrary R/W, I can overwrite function pointers → code execution The specific primitives were named shortly after: addrof leak an object's address as an integer and fakeobj forge a JS object reference to an arbitrary address . …