7

CVE-2026-4878

Exploit

Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libcap ProjectLibcap Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.085
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

https://bugzilla.redhat.com/show_bug.cgi?id=2447554
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2451615
Vendor Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2026/04/07/14
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/07/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/08/9
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/09/5
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/09/6
Third Party Advisory
Exploit
Mailing List
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:25044
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25181
https://access.redhat.com/errata/RHSA-2026:26542
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:22634
https://access.redhat.com/errata/RHSA-2026:14162
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:27998
https://access.redhat.com/errata/RHSA-2026:12423
https://access.redhat.com/errata/RHSA-2026:12441
https://access.redhat.com/errata/RHSA-2026:13285
https://access.redhat.com/errata/RHSA-2026:19130
https://access.redhat.com/errata/RHSA-2026:19346
https://access.redhat.com/errata/RHSA-2026:19456
https://access.redhat.com/errata/RHSA-2026:19458
https://access.redhat.com/errata/RHSA-2026:20595
https://access.redhat.com/errata/RHSA-2026:21254
https://access.redhat.com/errata/RHSA-2026:22957
https://access.redhat.com/errata/RHSA-2026:23233
https://access.redhat.com/errata/RHSA-2026:23245
https://access.redhat.com/errata/RHSA-2026:24346
https://access.redhat.com/errata/RHSA-2026:34098
https://access.redhat.com/errata/RHSA-2026:7473
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-4878
Vendor Advisory