THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-4878 (MEDIUM 6.7) — A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled

[NVD] CVE-2026-4878 (MEDIUM 6.7) — A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled

lownvdPublished 2026-04-09

CVE-2026-4878 CVSS: 6.7 MEDIUM Published: 2026-04-09T16:16:31.987

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4878