DEBIAN-CVE-2026-4878

DEBIAN-CVE-2026-4878 PUBLISHED CVSS 7 HIGH

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	libcap2	1:2.78-1, 1:2.77-1, 1:2.75-8
Debian:11	libcap2	, , 0
Debian:14	libcap2	0, 2.77-1, 2.75-10
Debian:13	libcap2	1:2.78-1, 2.75-10, 0

Exploit Intelligence

CVE-2026-4878.json (github-poc)
.trivyignore.yml (github-poc)
.trivyignore.yml (github-poc)
.trivyignore.yml (github-poc)
euvd_test.go (github-poc)

Timeline

Apr 9, 2026 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-4878 advisory

Open in Interactive Console →