RHSA-2026:13285 - Security Advisory

Issued: 2026-05-04
Updated: 2026-05-04

Synopsis

Important: libcap security update

Type/Severity

Security Advisory: Important

Topic

An update for libcap is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.

Security Fix(es):

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

BZ - 2451615 - CVE-2026-4878 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

CVEs

CVE-2026-4878

References

https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
libcap-2.48-6.el8_10.1.src.rpm

x86_64
libcap-2.48-6.el8_10.1.i686.rpm
libcap-2.48-6.el8_10.1.x86_64.rpm
libcap-debuginfo-2.48-6.el8_10.1.i686.rpm
libcap-debuginfo-2.48-6.el8_10.1.x86_64.rpm
libcap-debugsource-2.48-6.el8_10.1.i686.rpm
libcap-debugsource-2.48-6.el8_10.1.x86_64.rpm
libcap-devel-2.48-6.el8_10.1.i686.rpm
libcap-devel-2.48-6.el8_10.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
libcap-2.48-6.el8_10.1.src.rpm

s390x
libcap-2.48-6.el8_10.1.s390x.rpm
libcap-debuginfo-2.48-6.el8_10.1.s390x.rpm
libcap-debugsource-2.48-6.el8_10.1.s390x.rpm
libcap-devel-2.48-6.el8_10.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
libcap-2.48-6.el8_10.1.src.rpm

ppc64le
libcap-2.48-6.el8_10.1.ppc64le.rpm
libcap-debuginfo-2.48-6.el8_10.1.ppc64le.rpm
libcap-debugsource-2.48-6.el8_10.1.ppc64le.rpm
libcap-devel-2.48-6.el8_10.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
libcap-2.48-6.el8_10.1.src.rpm

aarch64
libcap-2.48-6.el8_10.1.aarch64.rpm
libcap-debuginfo-2.48-6.el8_10.1.aarch64.rpm
libcap-debugsource-2.48-6.el8_10.1.aarch64.rpm
libcap-devel-2.48-6.el8_10.1.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

A TOCTOU race condition in libcap's `cap_set_file()` function (CVE-2026-4878) can allow local privilege escalation. The vulnerability has a CVSS 3.1 score of 6.7 (MEDIUM). Affected versions include libcap_project libcap up to the patched version and Red Hat Enterprise Linux 8.0, 9.0, and 10.0; the fix is provided in Red Hat's libcap-2.48-6.el8_10.1 update.