Zurück zur CVE-Übersicht
CVE-2026-4878
MEDIUM(6.7)CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Risk Signal Score17/100 — NIEDRIG
- CVSS 6.7 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.7
Technische Schwere
Beschreibung
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
Referenzen
- https://access.redhat.com/errata/RHSA-2026:12423
- https://access.redhat.com/errata/RHSA-2026:12441
- https://access.redhat.com/errata/RHSA-2026:13285
- https://access.redhat.com/errata/RHSA-2026:14162
- https://access.redhat.com/errata/RHSA-2026:14937
- https://access.redhat.com/errata/RHSA-2026:19130
- https://access.redhat.com/errata/RHSA-2026:19346
- https://access.redhat.com/errata/RHSA-2026:19456
- https://access.redhat.com/errata/RHSA-2026:19458
- https://access.redhat.com/errata/RHSA-2026:20595