CVE-2026-4878

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libcap (affected versions not specified)

Description A flaw exists in libcap where a local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap set file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to a file controlled by the attacker. Capabilities can be injected into or stripped from unintended executables, potentially leading to privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

ALSA-2026:12423

ALSA-2026:12441

ALSA-2026:13285

ALSA-2026:19130

ALSA-2026:19346

CLEANSTART-2026-FV86809

CVE-2026-4878

ECHO-BEB9-6EEA-F967

OESA-2026-1929

OPENSUSE-SU-2026:10536-1

OPENSUSE-SU-2026:20613-1

RHSA-2026:12423

RHSA-2026:12441

RHSA-2026:13285

RHSA-2026:19130

RHSA-2026:19346

RHSA-2026:19456

RHSA-2026:19458

RHSA-2026:7473

SUSE-SU-2026:1432-1

SUSE-SU-2026:1433-1

SUSE-SU-2026:21243-1

SUSE-SU-2026:21257-1

SUSE-SU-2026:21274-1

USN-8193-1

Affected Products

Linuxmint

Rocky Linux

Ubuntu

Libpcap

CVE-2026-4878

Weakness Enumeration

Related Identifiers

Affected Products

References · 129