A TOCTOU race condition in the `cap_set_file()` function of libcap (CVE-2026-4878, CVSS 6.7) can be exploited for local privilege escalation. The vulnerability affects libcap_project libcap up to unspecified versions and Red Hat Enterprise Linux versions 8.0, 9.0, and 10.0. The advisory provides updated packages for RHEL 10, specifically libcap version 2.69-7.el10_1.1, to remediate the issue.
Red Hat Product Errata RHSA-2026:12423 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12423 - Security Advisory Overview Updated Packages Synopsis Important: libcap security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libcap is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fix(es): libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2451615 - CVE-2026-4878 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVEs CVE-2026-4878 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM libcap-2.69-7.el10_1.1.src.rpm SHA-256: a63a6481fe824b685ba5a05297efbc15fc24f6554acea576c6d6bed897ba887b x86_64 libcap-2.69-7.el10_1.1.x86_64.rpm SHA-256: f4320edd0f4a4c5b88cc9dde30502eab4a133a630f459b5c4f65a930100191cb libcap-debuginfo-2.69-7.el10_1.1.x86_64.rpm SHA-256: 77f5f7d5d325a71ffb50d71be0871cdd28c0dec4e059619cab46b562b28118b3 libcap-debuginfo-2.69-7.el10_1.1.x86_64.rpm SHA-256: 77f5f7d5d325a71ffb50d71be0871cdd28c0dec4e059619cab46b562b28118b3 libcap-debugsource-2.69-7.el10_1.1.x86_64.rpm SHA-256: 75da5702c76d96cb96e1b7cf3f6073f33d685b247889a3830ddb2be06c8f5c6c libcap-debugsource-2.69-7.el10_1.1.x86_64.rpm SHA-256: 75da5702c76d96cb96e1b7cf3f6073f33d685b247889a3830ddb2be06c8f5c6c libcap-devel-2.69-7.el10_1.1.x86_64.rpm SHA-256: bbca99e417b0c6e90d73887bfc2d53455fb60a92b1a5da27d50bfe7ab840b19b Red Hat Enterprise Linux for IBM z Systems 10 SRPM libcap-2.69-7.el10_1.1.src.rpm SHA-256: a63a6481fe824b685ba5a05297efbc15fc24f6554acea576c6d6bed897ba887b s390x libcap-2.69-7.el10_1.1.s390x.rpm SHA-256: 0461559010dad8b21a6f736d5530345d2381375a271ff5160bb490a3badf5e4c libcap-debuginfo-2.69-7.el10_1.1.s390x.rpm SHA-256: 3c7fa1532260020ee3110ad1f9ef63951c9d74bb41f24b1e980d028a983870c8 libcap-debuginfo-2.69-7.el10_1.1.s390x.rpm SHA-256: 3c7fa1532260020ee3110ad1f9ef63951c9d74bb41f24b1e980d028a983870c8 libcap-debugsource-2.69-7.el10_1.1.s390x.rpm SHA-256: e947dee3422f22947ffe94a06bea2b355669a54509da4a63e03ee8d7b8a312ea libcap-debugsource-2.69-7.el10_1.1.s390x.rpm SHA-256: e947dee3422f22947ffe94a06bea2b355669a54509da4a63e03ee8d7b8a312ea libcap-devel-2.69-7.el10_1.1.s390x.rpm SHA-256: cc830a70d1fffd30320bbe528ef59f4ae639ffb950d1672da661453a22d25072 Red Hat Enterprise Linux for Power, little endian 10 SRPM libcap-2.69-7.el10_1.1.src.rpm SHA-256: a63a6481fe824b685ba5a05297efbc15fc24f6554acea576c6d6bed897ba887b ppc64le libcap-2.69-7.el10_1.1.ppc64le.rpm SHA-256: 516bb20e2f658e99b37c629f9da29dc13c070696d9d13da6c4245a4fb493d668 libcap-debuginfo-2.69-7.el10_1.1.ppc64le.rpm SHA-256: eeefa3ae570ab275813478b564029cebe75ce73c693e19f2097d175e56d720d8 libcap-debuginfo-2.69-7.el10_1.1.ppc64le.rpm SHA-256: eeefa3ae570ab275813478b564029cebe75ce73c693e19f2097d175e56d720d8 libcap-debugsource-2.69-7.el10_1.1.ppc64le.rpm SHA-256: 9ad7c9f22c2ca91a3d50cb5944864836510eaf4e8c76c9f3a2d017c26f24c2d0 libcap-debugsource-2.69-7.el10_1.1.ppc64le.rpm SHA-256: 9ad7c9f22c2ca91a3d50cb5944864836510eaf4e8c76c9f3a2d017c26f24c2d0 libcap-devel-2.69-7.el10_1.1.ppc64le.rpm SHA-256: b2cfee3efd0ff7e4ee9cb61f0a265c2f0df7843d52b9be32de0909a8e918ed3e Red Hat Enterprise Linux for ARM 64 10 SRPM libcap-2.69-7.el10_1.1.src.rpm SHA-256: a63a6481fe824b685ba5a05297efbc15fc24f6554acea576c6d6bed897ba887b aarch64 libcap-2.69-7.el10_1.1.aarch64.rpm SHA-256: 5ad6fc9e73a002563d0f58caabca302c2a257676bbc5767e4435e3c68d5ce546 libcap-debuginfo-2.69-7.el10_1.1.aarch64.rpm SHA-256: c11867e53d4f53e022baf0eca10408e7cb0191f1e4a0fd8e52a2e0d9124fc6c8 libcap-debuginfo-2.69-7.el10_1.1.aarch64.rpm SHA-256: c11867e53d4f53e022baf0eca10408e7cb0191f1e4a0fd8e52a2e0d9124fc6c8 libcap-debugsource-2.69-7.el10_1.1.aarch64.rpm SHA-256: bcaa27d87a2901082a1bc388aa8f3633b18fb43a8369281d269cddd7a584c7aa libcap-debugsource-2.69-7.el10_1.1.aarch64.rpm SHA-256: bcaa27d87a2901082a1bc388aa8f3633b18fb43a8369281d269cddd7a584c7aa libcap-devel-2.69-7.el10_1.1.aarch64.rpm SHA-256: 41fb0bbb6928816cf8d1418a007eb5098f4babacbb48d2f09cf10df6fa62681e The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .