CVE-2026-4878

ADVISORY - nist

Summary

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

EPSS Score⁠: 0.0001 (0.011)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-367⁠

Time-of-check Time-of-use (TOCTOU) Race Condition

Impacted images

Advisories

NIST

CREATED

1 month ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4878⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-367⁠

CVSS SCORE

6.7medium

Alpine

CREATED

1 month ago

UPDATED

21 days ago

ADVISORY IDCVE-2026-4878⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

1 month ago

UPDATED

17 days ago

ADVISORY IDCVE-2026-4878⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 month ago

UPDATED

17 days ago

ADVISORY IDCVE-2026-4878⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7medium

Alma

CREATED

16 days ago

UPDATED

15 days ago

ADVISORY IDALSA-2026:12441⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

12 days ago

UPDATED

11 days ago

ADVISORY IDALSA-2026:13285⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY IDRLSA-2026:12423⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY IDRLSA-2026:12441⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY IDRLSA-2026:13285⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-12423⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-12441⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

11 days ago

UPDATED

11 days ago

ADVISORY IDELSA-2026-13285⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

minimos

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY ID

MINI-2gpr-cw8q-9r9p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY