CVE-2026-4878

libcap_project / libcap

Description

A flaw was found in libcap. A local unprivileged user can exploit a time-of-check to time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. As a result, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Scoring

CVSS: 6.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.19% probability of exploitation · percentile 8.5% · 2026-06-19T12:03:05Z
Last modified: 2026-06-18

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-45487
CVE: CVE-2025-41259
CVE: Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
CVE: CVE-2026-0038
CVE: CVE-2026-0030
CVE: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.