Vulnerability-Lookup

WID-SEC-W-2026-1267

Vulnerability from csaf_certbund - Published: 2026-04-26 22:00 - Updated: 2026-06-02 22:00

Summary

Red Hat Hardened Images RPMs: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2025-69277

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM MQ Agent IBM / MQ	`cpe:/a:ibm:mq:agent`	Agent
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 9.4 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.4`	9.4
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-2100

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM MQ Agent IBM / MQ	`cpe:/a:ibm:mq:agent`	Agent
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 9.4 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.4`	9.4
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-41989

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM MQ Agent IBM / MQ	`cpe:/a:ibm:mq:agent`	Agent
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 9.4 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.4`	9.4
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-4878

Affected products

Known affected 10 products

Product	Identifier	Version
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
Red Hat Enterprise Linux Hardened Images RPMs Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms`	Hardened Images RPMs
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
IBM MQ Agent IBM / MQ	`cpe:/a:ibm:mq:agent`	Agent
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 9.4 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:9.4`	9.4
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

32 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2026:7065	external
https://access.redhat.com/errata/RHSA-2026:7369	external
https://access.redhat.com/errata/RHSA-2026:7473	external
https://access.redhat.com/errata/RHSA-2026:8466	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://access.redhat.com/errata/RHSA-2026:13285	external
http://linux.oracle.com/errata/ELSA-2026-12441.html	external
https://access.redhat.com/errata/RHSA-2026:12423	external
https://access.redhat.com/errata/RHSA-2026:12441	external
http://linux.oracle.com/errata/ELSA-2026-12423.html	external
https://errata.build.resf.org/RLSA-2026:13285	external
https://access.redhat.com/errata/RHSA-2026:14391	external
http://linux.oracle.com/errata/ELSA-2026-13285.html	external
https://access.redhat.com/errata/RHSA-2026:14162	external
https://access.redhat.com/errata/RHSA-2026:14937	external
https://www.ibm.com/support/pages/node/7273338	external
https://access.redhat.com/errata/RHSA-2026:18143	external
https://access.redhat.com/errata/RHSA-2026:19456	external
https://access.redhat.com/errata/RHSA-2026:19130	external
https://errata.build.resf.org/RLSA-2026:19346	external
https://access.redhat.com/errata/RHSA-2026:18599	external
https://access.redhat.com/errata/RHSA-2026:19458	external
https://access.redhat.com/errata/RHSA-2026:19346	external
https://security-tracker.debian.org/tracker/DSA-6294-1	external
https://access.redhat.com/errata/RHSA-2026:20595	external
https://access.redhat.com/errata/RHSA-2026:21254	external
https://access.redhat.com/errata/RHSA-2026:21275	external
https://access.redhat.com/errata/RHSA-2026:22634	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Rechte zu erweitern, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1267 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1267.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1267 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1267"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7065 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7065"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7369 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7369"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7473 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:7473"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8466 vom 2026-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:8466"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21274-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025632.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-8409145C11 vom 2026-04-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8409145c11"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-9A79C58AFD vom 2026-04-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-9a79c58afd"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13285 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13285"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-12441 vom 2026-05-01",
        "url": "http://linux.oracle.com/errata/ELSA-2026-12441.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12423 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12423"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12441 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12441"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-12423 vom 2026-05-04",
        "url": "http://linux.oracle.com/errata/ELSA-2026-12423.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:13285 vom 2026-05-06",
        "url": "https://errata.build.resf.org/RLSA-2026:13285"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14391 vom 2026-05-07",
        "url": "https://access.redhat.com/errata/RHSA-2026:14391"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-13285 vom 2026-05-07",
        "url": "http://linux.oracle.com/errata/ELSA-2026-13285.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14162 vom 2026-05-06",
        "url": "https://access.redhat.com/errata/RHSA-2026:14162"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14937 vom 2026-05-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:14937"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7273338 vom 2026-05-18",
        "url": "https://www.ibm.com/support/pages/node/7273338"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18143 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:18143"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19456 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19456"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19130 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:19130"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:19346 vom 2026-05-20",
        "url": "https://errata.build.resf.org/RLSA-2026:19346"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:18599 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:18599"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19458 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19458"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19346 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19346"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6294 vom 2026-05-23",
        "url": "https://security-tracker.debian.org/tracker/DSA-6294-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:20595 vom 2026-05-26",
        "url": "https://access.redhat.com/errata/RHSA-2026:20595"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21254 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21254"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:22634"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Hardened Images RPMs: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:33:59.069+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1267",
      "initial_release_date": "2026-04-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-05T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-18T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian und Red Hat aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "T054614",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Agent",
                "product": {
                  "name": "IBM MQ Agent",
                  "product_id": "T054280",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:agent"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hardened Images RPMs",
                "product": {
                  "name": "Red Hat Enterprise Linux Hardened Images RPMs",
                  "product_id": "T053320",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:hardened_images_rpms"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.4",
                "product": {
                  "name": "Red Hat Enterprise Linux 9.4",
                  "product_id": "T054699",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Update Infrastructure 5.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
                  "product_id": "T054761",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-69277",
      "product_status": {
        "known_affected": [
          "T054761",
          "T053320",
          "T002207",
          "67646",
          "T054280",
          "T054614",
          "T004914",
          "T054699",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2025-69277"
    },
    {
      "cve": "CVE-2026-2100",
      "product_status": {
        "known_affected": [
          "T054761",
          "T053320",
          "T002207",
          "67646",
          "T054280",
          "T054614",
          "T004914",
          "T054699",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-2100"
    },
    {
      "cve": "CVE-2026-41989",
      "product_status": {
        "known_affected": [
          "T054761",
          "T053320",
          "T002207",
          "67646",
          "T054280",
          "T054614",
          "T004914",
          "T054699",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-41989"
    },
    {
      "cve": "CVE-2026-4878",
      "product_status": {
        "known_affected": [
          "T054761",
          "T053320",
          "T002207",
          "67646",
          "T054280",
          "T054614",
          "T004914",
          "T054699",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-04-26T22:00:00.000+00:00",
      "title": "CVE-2026-4878"
    }
  ]
}

CVE-2025-69277 (GCVE-0-2025-69277)

Vulnerability from cvelistv5 – Published: 2025-12-31 05:50 – Updated: 2026-01-07 17:06

Summary

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Severity

4.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-184 - Incomplete List of Disallowed Inputs

Assigner

mitre

References

8 references

URL	Tags
https://github.com/jedisct1/libsodium/commit/ad30…
https://00f.net/2025/12/30/libsodium-vulnerability/
https://news.ycombinator.com/item?id=46435614
https://ianix.com/pub/ed25519-deployment.html
https://github.com/pyca/pynacl/issues/920
https://github.com/pyca/pynacl/commit/ecf41f55a3d…
https://github.com/pyca/pynacl/commit/96314884d88…
https://lists.debian.org/debian-lts-announce/2026…

Impacted products

1 product

Vendor	Product	Version
libsodium	libsodium	Affected: 0 , < ad3004ec8731730e93fcfbbc824e67eadc1c1bae (git)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T15:59:09.134600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T17:38:32.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-07T17:06:43.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libsodium",
          "vendor": "libsodium",
          "versions": [
            {
              "lessThan": "ad3004ec8731730e93fcfbbc824e67eadc1c1bae",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184 Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T16:38:46.029Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
        },
        {
          "url": "https://00f.net/2025/12/30/libsodium-vulnerability/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=46435614"
        },
        {
          "url": "https://ianix.com/pub/ed25519-deployment.html"
        },
        {
          "url": "https://github.com/pyca/pynacl/issues/920"
        },
        {
          "url": "https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf"
        },
        {
          "url": "https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69277",
    "datePublished": "2025-12-31T05:50:07.422Z",
    "dateReserved": "2025-12-31T05:50:07.155Z",
    "dateUpdated": "2026-01-07T17:06:43.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2100 (GCVE-0-2026-2100)

Vulnerability from cvelistv5 – Published: 2026-03-26 20:01 – Updated: 2026-06-02 18:40

Title

P11-kit: null dereference via c_derivekey with specific null parameters

Summary

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

redhat

References

8 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:18143	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18599	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21275	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22634	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7065	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-2100	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2437308	issue-trackingx_refsource_REDHAT
https://github.com/p11-glue/p11-kit/pull/740

Impacted products

12 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:0.26.2-1.el10 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:0.26.2-1.el9 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Hardened Images	Unaffected: 0.26.2-1.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Insights proxy 1.5	Unaffected: 1780420428 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798159 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798164 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798165 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798222 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public

2026-02-06 08:08

Credits

This issue was discovered by Zoltan Fridrich (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2100",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T20:30:34.453809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T20:30:53.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.26.2-1.el10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.26.2-1.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.26.2-1.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "p11-kit-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0.26.2-1.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780420428",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/cds-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798159",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/haproxy-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798164",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/installer-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798165",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/rhua-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798222",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "p11-kit",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Zoltan Fridrich (Red Hat)."
        }
      ],
      "datePublic": "2026-02-06T08:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T18:40:04.886Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:18143",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18143"
        },
        {
          "name": "RHSA-2026:18599",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:18599"
        },
        {
          "name": "RHSA-2026:21275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21275"
        },
        {
          "name": "RHSA-2026:22634",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22634"
        },
        {
          "name": "RHSA-2026:7065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7065"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-2100"
        },
        {
          "name": "RHBZ#2437308",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437308"
        },
        {
          "url": "https://github.com/p11-glue/p11-kit/pull/740"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-06T12:02:49.002Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-06T08:08:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "P11-kit: null dereference via c_derivekey with specific null parameters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-2100",
    "datePublished": "2026-03-26T20:01:46.174Z",
    "dateReserved": "2026-02-06T12:05:50.501Z",
    "dateUpdated": "2026-06-02T18:40:04.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41989 (GCVE-0-2026-41989)

Vulnerability from cvelistv5 – Published: 2026-04-23 04:30 – Updated: 2026-04-23 16:22

Summary

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Severity

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write

Assigner

mitre

References

3 references

URL	Tags
https://lists.gnupg.org/pipermail/gnupg-announce/…
https://dev.gnupg.org/T8211
https://www.openwall.com/lists/oss-security/2026/…

Impacted products

1 product

Vendor	Product	Version
gnupg	Libgcrypt	Affected: 1.8.8 , < 1.10.4 (semver) Affected: 1.11.0 , < 1.11.3 (semver) Affected: 1.12.0 , < 1.12.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T15:58:58.277481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T16:22:47.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Libgcrypt",
          "vendor": "gnupg",
          "versions": [
            {
              "lessThan": "1.10.4",
              "status": "affected",
              "version": "1.8.8",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.3",
              "status": "affected",
              "version": "1.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.2",
              "status": "affected",
              "version": "1.12.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.10.4",
                  "versionStartIncluding": "1.8.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.11.3",
                  "versionStartIncluding": "1.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.12.2",
                  "versionStartIncluding": "1.12.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T05:10:34.992Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html"
        },
        {
          "url": "https://dev.gnupg.org/T8211"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/21/1"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-41989",
    "datePublished": "2026-04-23T04:30:26.124Z",
    "dateReserved": "2026-04-23T04:30:25.690Z",
    "dateUpdated": "2026-04-23T16:22:47.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4878 (GCVE-0-2026-4878)

Vulnerability from cvelistv5 – Published: 2026-04-09 14:49 – Updated: 2026-06-02 18:39

Title

Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

Summary

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Severity

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

redhat

References

22 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:12423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12441	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13285	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14162	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14937	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19130	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19346	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19456	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19458	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20595	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21254	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21275	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22634	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7473	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4878	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2447554
https://bugzilla.redhat.com/show_bug.cgi?id=2451615	issue-trackingx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2026/04/07/4
http://www.openwall.com/lists/oss-security/2026/0…
http://www.openwall.com/lists/oss-security/2026/04/08/9
http://www.openwall.com/lists/oss-security/2026/04/09/5
http://www.openwall.com/lists/oss-security/2026/04/09/6

Impacted products

23 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.69-7.el10_1.1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:2.69-7.el10_2.1 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:2.69-7.el10_0.1 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.48-6.el8_10.1 , < * (rpm) cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.48-10.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.48-10.el9_8.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.48-9.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.48-9.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:2.48-9.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/o:redhat:rhel_eus:9.6::baseos
Red Hat	Red Hat Discovery 2	Unaffected: 1778101579 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Discovery 2	Unaffected: 1778156756 , < * (rpm) cpe:/a:redhat:discovery:2::el9
Red Hat	Red Hat Hardened Images	Unaffected: 2.78-1.1.hum1 , < * (rpm) cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Insights proxy 1.5	Unaffected: 1780420428 , < * (rpm) cpe:/a:redhat:insights_proxy:1.5::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056267 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056233 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	Unaffected: 1778056245 , < * (rpm) cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798159 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798164 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798165 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Update Infrastructure 5	Unaffected: 1779798222 , < * (rpm) cpe:/a:redhat:rhui:5::el9
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Date Public

2026-04-06 00:00

Credits

Red Hat would like to thank Ali Raza for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T15:36:22.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/07/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/07/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/08/9"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T03:56:06.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.69-7.el10_1.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.69-7.el10_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.69-7.el10_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-6.el8_10.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-10.el9_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-9.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-9.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/o:redhat:rhel_eus:9.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.48-9.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778101579",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778156756",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "libcap-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.78-1.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780420428",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-collector-rhel9",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056267",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-rhel9-operator",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056233",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhosdt/opentelemetry-target-allocator-rhel9",
          "product": "Red Hat OpenShift distributed tracing 3.9.3",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778056245",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/cds-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798159",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/haproxy-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798164",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/installer-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798165",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/rhua-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798222",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libcap1",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libcap1",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libcap",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ali Raza for reporting this issue."
        }
      ],
      "datePublic": "2026-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T18:39:46.461Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:12423",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12423"
        },
        {
          "name": "RHSA-2026:12441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12441"
        },
        {
          "name": "RHSA-2026:13285",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:13285"
        },
        {
          "name": "RHSA-2026:14162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14162"
        },
        {
          "name": "RHSA-2026:14937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:14937"
        },
        {
          "name": "RHSA-2026:19130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19130"
        },
        {
          "name": "RHSA-2026:19346",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19346"
        },
        {
          "name": "RHSA-2026:19456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19456"
        },
        {
          "name": "RHSA-2026:19458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19458"
        },
        {
          "name": "RHSA-2026:20595",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20595"
        },
        {
          "name": "RHSA-2026:21254",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21254"
        },
        {
          "name": "RHSA-2026:21275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21275"
        },
        {
          "name": "RHSA-2026:22634",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22634"
        },
        {
          "name": "RHSA-2026:7473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7473"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4878"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
        },
        {
          "name": "RHBZ#2451615",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-26T06:56:21.213Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-06T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4878",
    "datePublished": "2026-04-09T14:49:02.942Z",
    "dateReserved": "2026-03-26T06:32:41.308Z",
    "dateUpdated": "2026-06-02T18:39:46.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1267

CVE-2025-69277 (GCVE-0-2025-69277)

CVE-2026-2100 (GCVE-0-2026-2100)

CVE-2026-41989 (GCVE-0-2026-41989)

CVE-2026-4878 (GCVE-0-2026-4878)

Tags

Sightings

Nomenclature