CVE-2026-4878
Severity: MEDIUM
Libcap: libcap: privilege escalation via TOCTOU race condition in cap_set_file()
Title source: CNA
Description
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
References (27)
Vendor Advisory (Red Hat): RHSA-2026:22634 - https://access.redhat.com/errata/RHSA-2026:22634
Vendor Advisory (Red Hat): RHSA-2026:22957 - https://access.redhat.com/errata/RHSA-2026:22957
Vendor Advisory (Red Hat): RHSA-2026:24346 - https://access.redhat.com/errata/RHSA-2026:24346
Vendor Advisory (Red Hat): RHSA-2026:25096 - https://access.redhat.com/errata/RHSA-2026:25096
Vendor Advisory (Red Hat): RHSA-2026:23233 - https://access.redhat.com/errata/RHSA-2026:23233
Vendor Advisory (Red Hat): RHSA-2026:23245 - https://access.redhat.com/errata/RHSA-2026:23245
Vendor Advisory (Red Hat): RHSA-2026:12423 - https://access.redhat.com/errata/RHSA-2026:12423
Vendor Advisory (Red Hat): RHSA-2026:12441 - https://access.redhat.com/errata/RHSA-2026:12441
Vendor Advisory (Red Hat): RHSA-2026:7473 - https://access.redhat.com/errata/RHSA-2026:7473
VDB Entry (Red Hat): https://access.redhat.com/security/cve/CVE-2026-4878
Issue Tracking (Red Hat): RHBZ#2451615 - https://bugzilla.redhat.com/show_bug.cgi?id=2451615
Vendor Advisory (Red Hat): RHSA-2026:13285 - https://access.redhat.com/errata/RHSA-2026:13285
Vendor Advisory (Red Hat): RHSA-2026:14162 - https://access.redhat.com/errata/RHSA-2026:14162
Vendor Advisory (Red Hat): RHSA-2026:14937 - https://access.redhat.com/errata/RHSA-2026:14937
Vendor Advisory (Red Hat): RHSA-2026:19130 - https://access.redhat.com/errata/RHSA-2026:19130
Vendor Advisory (Red Hat): RHSA-2026:19346 - https://access.redhat.com/errata/RHSA-2026:19346
Vendor Advisory (Red Hat): RHSA-2026:19456 - https://access.redhat.com/errata/RHSA-2026:19456
Vendor Advisory (Red Hat): RHSA-2026:19458 - https://access.redhat.com/errata/RHSA-2026:19458
Vendor Advisory (Red Hat): RHSA-2026:20595 - https://access.redhat.com/errata/RHSA-2026:20595
Vendor Advisory (Red Hat): RHSA-2026:21254 - https://access.redhat.com/errata/RHSA-2026:21254
Vendor Advisory (Red Hat): RHSA-2026:21275 - https://access.redhat.com/errata/RHSA-2026:21275
Scores
CVSS v3 base score: 6.7
CVSS v3 vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack vector: LOCAL
EPSS: 0.0019
EPSS percentile: 8.5%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical impact: total
Details
CWE: CWE-367
Status: published
Products (39)
libcap_project/libcap
Red Hat/Red Hat AI Inference Server 3.2: 1780681984
Red Hat/Red Hat Discovery 2: 1778101579
Red Hat/Red Hat Discovery 2: 1778156756
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10: 0:2.69-7.el10_1.1
Red Hat/Red Hat Enterprise Linux 10: 0:2.69-7.el10_2.1
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support: 0:2.69-7.el10_0.1
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
... and 29 more
Published: Apr 09, 2026
Tracked since: Apr 09, 2026