CVE-2026-4878
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A flaw was found in the libcap library due to a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. A local unprivileged user with write access to a parent directory can redirect file capability updates to an attacker-controlled file. This allows capabilities to be injected into or stripped from unintended executables, leading to privilege escalation.
Risk Assessment
The organization faces a risk of privilege escalation by a local user, potentially gaining unauthorized access to sensitive system resources. The attack could allow control over critical executables.
Recommendation
Update the libcap library to the latest patched version immediately. Additionally, restrict write permissions to parent directories for unprivileged users.
Original NVD description (English source)
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

