CVE-2026-4878

EUVD-2026-20910
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
libcap2
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
forky
1:2.78-1
fixed
sid
1:2.78-1
fixed
trixie
no-dsa
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-4878
https://bugzilla.redhat.com/show_bug.cgi?id=2447554
https://bugzilla.redhat.com/show_bug.cgi?id=2451615
http://www.openwall.com/lists/oss-security/2026/04/07/14
http://www.openwall.com/lists/oss-security/2026/04/07/4
http://www.openwall.com/lists/oss-security/2026/04/08/9
http://www.openwall.com/lists/oss-security/2026/04/09/5
http://www.openwall.com/lists/oss-security/2026/04/09/6