A TOCTOU race condition in libcap's `cap_set_file()` function (CVE-2026-4878, CVSS 6.7) can be exploited for local privilege escalation. The vulnerability affects libcap_project libcap up to unspecified versions and Red Hat Enterprise Linux versions 8.0, 9.0, and 10.0. Red Hat has released patched packages for RHEL 10, such as libcap-2.69-7.el10_2.1, to address this issue.
Red Hat Product Errata RHSA-2026:19130 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19130 - Security Advisory Overview Updated Packages Synopsis Important: libcap security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libcap is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fix(es): libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() (CVE-2026-4878) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2451615 - CVE-2026-4878 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVEs CVE-2026-4878 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 x86_64 libcap-2.69-7.el10_2.1.x86_64.rpm SHA-256: 2cec36ea2d64c8d9bce94e6b56b1597971e0c3375af24f7418e83b2d22066e18 libcap-debuginfo-2.69-7.el10_2.1.x86_64.rpm SHA-256: 6e5237d6ceb9294db24e9462c9740537c8077a7671c67ccff44fe153975c60c9 libcap-debuginfo-2.69-7.el10_2.1.x86_64.rpm SHA-256: 6e5237d6ceb9294db24e9462c9740537c8077a7671c67ccff44fe153975c60c9 libcap-debugsource-2.69-7.el10_2.1.x86_64.rpm SHA-256: 8d1098c8b6d0f8217dc13a7c34dde8d2294b8986e3abdd90d4e1e7496d72ce3d libcap-debugsource-2.69-7.el10_2.1.x86_64.rpm SHA-256: 8d1098c8b6d0f8217dc13a7c34dde8d2294b8986e3abdd90d4e1e7496d72ce3d libcap-devel-2.69-7.el10_2.1.x86_64.rpm SHA-256: f232d00015d7a02b25eb4649ddd4f355e9837c4187751f1bf56c3234376f73ed Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 x86_64 libcap-2.69-7.el10_2.1.x86_64.rpm SHA-256: 2cec36ea2d64c8d9bce94e6b56b1597971e0c3375af24f7418e83b2d22066e18 libcap-debuginfo-2.69-7.el10_2.1.x86_64.rpm SHA-256: 6e5237d6ceb9294db24e9462c9740537c8077a7671c67ccff44fe153975c60c9 libcap-debuginfo-2.69-7.el10_2.1.x86_64.rpm SHA-256: 6e5237d6ceb9294db24e9462c9740537c8077a7671c67ccff44fe153975c60c9 libcap-debugsource-2.69-7.el10_2.1.x86_64.rpm SHA-256: 8d1098c8b6d0f8217dc13a7c34dde8d2294b8986e3abdd90d4e1e7496d72ce3d libcap-debugsource-2.69-7.el10_2.1.x86_64.rpm SHA-256: 8d1098c8b6d0f8217dc13a7c34dde8d2294b8986e3abdd90d4e1e7496d72ce3d libcap-devel-2.69-7.el10_2.1.x86_64.rpm SHA-256: f232d00015d7a02b25eb4649ddd4f355e9837c4187751f1bf56c3234376f73ed Red Hat Enterprise Linux for IBM z Systems 10 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 s390x libcap-2.69-7.el10_2.1.s390x.rpm SHA-256: 7b88ddeb207525317a11bd5b9e2421704b5f190f2c8ff2853ec03bf26266944e libcap-debuginfo-2.69-7.el10_2.1.s390x.rpm SHA-256: 3464755a583cba7a355c71ba2a48f845678dfee130ff9dfd57b967cfd5f383ba libcap-debuginfo-2.69-7.el10_2.1.s390x.rpm SHA-256: 3464755a583cba7a355c71ba2a48f845678dfee130ff9dfd57b967cfd5f383ba libcap-debugsource-2.69-7.el10_2.1.s390x.rpm SHA-256: f56707cefa803310b884cba9a584f8179ce3c1de0a804d0fa5506c45d9141e3d libcap-debugsource-2.69-7.el10_2.1.s390x.rpm SHA-256: f56707cefa803310b884cba9a584f8179ce3c1de0a804d0fa5506c45d9141e3d libcap-devel-2.69-7.el10_2.1.s390x.rpm SHA-256: 6dc9f4d11369a28b38c44f76c435cfb7f0491ee348ede887a9013bcc519de7e6 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 s390x libcap-2.69-7.el10_2.1.s390x.rpm SHA-256: 7b88ddeb207525317a11bd5b9e2421704b5f190f2c8ff2853ec03bf26266944e libcap-debuginfo-2.69-7.el10_2.1.s390x.rpm SHA-256: 3464755a583cba7a355c71ba2a48f845678dfee130ff9dfd57b967cfd5f383ba libcap-debuginfo-2.69-7.el10_2.1.s390x.rpm SHA-256: 3464755a583cba7a355c71ba2a48f845678dfee130ff9dfd57b967cfd5f383ba libcap-debugsource-2.69-7.el10_2.1.s390x.rpm SHA-256: f56707cefa803310b884cba9a584f8179ce3c1de0a804d0fa5506c45d9141e3d libcap-debugsource-2.69-7.el10_2.1.s390x.rpm SHA-256: f56707cefa803310b884cba9a584f8179ce3c1de0a804d0fa5506c45d9141e3d libcap-devel-2.69-7.el10_2.1.s390x.rpm SHA-256: 6dc9f4d11369a28b38c44f76c435cfb7f0491ee348ede887a9013bcc519de7e6 Red Hat Enterprise Linux for Power, little endian 10 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 ppc64le libcap-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 854ef3fa41e9f12ebdac1e23e75ca6bde8b6bcfd1ae7cb68957c8c179de06611 libcap-debuginfo-2.69-7.el10_2.1.ppc64le.rpm SHA-256: bf3b44ea39ed3378295a3c5015abe584fe465c20229ef87a8bc90cb51a03d593 libcap-debuginfo-2.69-7.el10_2.1.ppc64le.rpm SHA-256: bf3b44ea39ed3378295a3c5015abe584fe465c20229ef87a8bc90cb51a03d593 libcap-debugsource-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 8b86f2a20aadef1729013236b036682a01a24b0a05d6916f48151d1a963e2e30 libcap-debugsource-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 8b86f2a20aadef1729013236b036682a01a24b0a05d6916f48151d1a963e2e30 libcap-devel-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 666fcef20adeb10fa3b90eeea6a8f9c2d12c02f765583e45fd864cb8d904db73 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 ppc64le libcap-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 854ef3fa41e9f12ebdac1e23e75ca6bde8b6bcfd1ae7cb68957c8c179de06611 libcap-debuginfo-2.69-7.el10_2.1.ppc64le.rpm SHA-256: bf3b44ea39ed3378295a3c5015abe584fe465c20229ef87a8bc90cb51a03d593 libcap-debuginfo-2.69-7.el10_2.1.ppc64le.rpm SHA-256: bf3b44ea39ed3378295a3c5015abe584fe465c20229ef87a8bc90cb51a03d593 libcap-debugsource-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 8b86f2a20aadef1729013236b036682a01a24b0a05d6916f48151d1a963e2e30 libcap-debugsource-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 8b86f2a20aadef1729013236b036682a01a24b0a05d6916f48151d1a963e2e30 libcap-devel-2.69-7.el10_2.1.ppc64le.rpm SHA-256: 666fcef20adeb10fa3b90eeea6a8f9c2d12c02f765583e45fd864cb8d904db73 Red Hat Enterprise Linux for ARM 64 10 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 aarch64 libcap-2.69-7.el10_2.1.aarch64.rpm SHA-256: 79bd0d5cfca4caf9ba2456d95021ad1c5d139cbe2ce70c4f539e317d52093387 libcap-debuginfo-2.69-7.el10_2.1.aarch64.rpm SHA-256: 5fe1c6715f9fddf5b4fe2e22a4284431bb885970a6d5f8ea3f1b09b26a5f3b39 libcap-debuginfo-2.69-7.el10_2.1.aarch64.rpm SHA-256: 5fe1c6715f9fddf5b4fe2e22a4284431bb885970a6d5f8ea3f1b09b26a5f3b39 libcap-debugsource-2.69-7.el10_2.1.aarch64.rpm SHA-256: 71fd1760f18bd67f220510198f0a43e169d0d0a85f67ee971938cbb4b85f12f2 libcap-debugsource-2.69-7.el10_2.1.aarch64.rpm SHA-256: 71fd1760f18bd67f220510198f0a43e169d0d0a85f67ee971938cbb4b85f12f2 libcap-devel-2.69-7.el10_2.1.aarch64.rpm SHA-256: 930c8e9443d05d52a013e21e4092701362f4a17b153498c5d7442a225f454229 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 aarch64 libcap-2.69-7.el10_2.1.aarch64.rpm SHA-256: 79bd0d5cfca4caf9ba2456d95021ad1c5d139cbe2ce70c4f539e317d52093387 libcap-debuginfo-2.69-7.el10_2.1.aarch64.rpm SHA-256: 5fe1c6715f9fddf5b4fe2e22a4284431bb885970a6d5f8ea3f1b09b26a5f3b39 libcap-debuginfo-2.69-7.el10_2.1.aarch64.rpm SHA-256: 5fe1c6715f9fddf5b4fe2e22a4284431bb885970a6d5f8ea3f1b09b26a5f3b39 libcap-debugsource-2.69-7.el10_2.1.aarch64.rpm SHA-256: 71fd1760f18bd67f220510198f0a43e169d0d0a85f67ee971938cbb4b85f12f2 libcap-debugsource-2.69-7.el10_2.1.aarch64.rpm SHA-256: 71fd1760f18bd67f220510198f0a43e169d0d0a85f67ee971938cbb4b85f12f2 libcap-devel-2.69-7.el10_2.1.aarch64.rpm SHA-256: 930c8e9443d05d52a013e21e4092701362f4a17b153498c5d7442a225f454229 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 SRPM libcap-2.69-7.el10_2.1.src.rpm SHA-256: 690319ad324656ce9ab9592acf9ed534e7884b412ee4392cae165ea7b3e1a680 aarch64 libcap-2.69-7.el10_2.1.aarch64.rpm SHA-256: 79bd0d5cfca4caf9ba2456d95021ad1c5d139cbe2ce