VYPR
Medium severity6.7NVD Advisory· Published Apr 9, 2026· Updated Jun 11, 2026

CVE-2026-4878

CVE-2026-4878

Description

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

28

Patches

Vulnerability mechanics

References

27

News mentions

0

No linked articles in our index yet.