ALPINE-CVE-2026-4878
- Source
- https://security.alpinelinux.org/vuln/CVE-2026-4878
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-4878.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-4878
- Upstream
- Published
- 2026-04-09T16:16:31.987Z
- Modified
- 2026-04-28T08:32:47.237546Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the
cap_set_file()function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. - References
Affected packages
Alpine:v3.20 / libcap
Package
- Name
- libcap
- Purl
- pkg:apk/alpine/libcap?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.78-r0
Affected versions
2.*
2.16-r1
2.17-r0
2.19-r0
2.19-r1
2.19-r2
2.20-r0
2.21-r0
2.22-r0
2.22-r1
2.22-r2
2.22-r3
2.24-r0
2.24-r1
2.25-r0
2.25-r1
2.26-r0
2.27-r0
2.36-r0
2.37-r0
2.38-r0
2.39-r0
2.40-r0
2.41-r0
2.42-r0
2.43-r0
2.44-r0
2.45-r0
2.46-r0
2.47-r0
2.48-r0
2.49-r0
2.50-r0
2.51-r0
2.52-r0
2.53-r0
2.54-r0
2.55-r0
2.56-r0
2.57-r0
2.58-r0
2.59-r0
2.60-r0
2.61-r0
2.62-r0
2.63-r0
2.64-r0
2.64-r1
2.65-r0
2.65-r1
2.66-r0
2.67-r0
2.68-r0
2.68-r1
2.68-r2
2.68-r3
2.69-r0
2.69-r1
2.70-r0
Alpine:v3.21 / libcap
Package
- Name
- libcap
- Purl
- pkg:apk/alpine/libcap?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.78-r0
Affected versions
2.*
2.16-r1
2.17-r0
2.19-r0
2.19-r1
2.19-r2
2.20-r0
2.21-r0
2.22-r0
2.22-r1
2.22-r2
2.22-r3
2.24-r0
2.24-r1
2.25-r0
2.25-r1
2.26-r0
2.27-r0
2.36-r0
2.37-r0
2.38-r0
2.39-r0
2.40-r0
2.41-r0
2.42-r0
2.43-r0
2.44-r0
2.45-r0
2.46-r0
2.47-r0
2.48-r0
2.49-r0
2.50-r0
2.51-r0
2.52-r0
2.53-r0
2.54-r0
2.55-r0
2.56-r0
2.57-r0
2.58-r0
2.59-r0
2.60-r0
2.61-r0
2.62-r0
2.63-r0
2.64-r0
2.64-r1
2.65-r0
2.65-r1
2.66-r0
2.67-r0
2.68-r0
2.68-r1
2.68-r2
2.68-r3
2.69-r0
2.69-r1
2.70-r0
2.71-r0
Alpine:v3.22 / libcap
Package
- Name
- libcap
- Purl
- pkg:apk/alpine/libcap?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.78-r0
Affected versions
2.*
2.16-r1
2.17-r0
2.19-r0
2.19-r1
2.19-r2
2.20-r0
2.21-r0
2.22-r0
2.22-r1
2.22-r2
2.22-r3
2.24-r0
2.24-r1
2.25-r0
2.25-r1
2.26-r0
2.27-r0
2.36-r0
2.37-r0
2.38-r0
2.39-r0
2.40-r0
2.41-r0
2.42-r0
2.43-r0
2.44-r0
2.45-r0
2.46-r0
2.47-r0
2.48-r0
2.49-r0
2.50-r0
2.51-r0
2.52-r0
2.53-r0
2.54-r0
2.55-r0
2.56-r0
2.57-r0
2.58-r0
2.59-r0
2.60-r0
2.61-r0
2.62-r0
2.63-r0
2.64-r0
2.64-r1
2.65-r0
2.65-r1
2.66-r0
2.67-r0
2.68-r0
2.68-r1
2.68-r2
2.68-r3
2.69-r0
2.69-r1
2.70-r0
2.71-r0
2.73-r0
2.76-r0
Alpine:v3.23 / libcap
Package
- Name
- libcap
- Purl
- pkg:apk/alpine/libcap?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.78-r0
Affected versions
2.*
2.16-r1
2.17-r0
2.19-r0
2.19-r1
2.19-r2
2.20-r0
2.21-r0
2.22-r0
2.22-r1
2.22-r2
2.22-r3
2.24-r0
2.24-r1
2.25-r0
2.25-r1
2.26-r0
2.27-r0
2.36-r0
2.37-r0
2.38-r0
2.39-r0
2.40-r0
2.41-r0
2.42-r0
2.43-r0
2.44-r0
2.45-r0
2.46-r0
2.47-r0
2.48-r0
2.49-r0
2.50-r0
2.51-r0
2.52-r0
2.53-r0
2.54-r0
2.55-r0
2.56-r0
2.57-r0
2.58-r0
2.59-r0
2.60-r0
2.61-r0
2.62-r0
2.63-r0
2.64-r0
2.64-r1
2.65-r0
2.65-r1
2.66-r0
2.67-r0
2.68-r0
2.68-r1
2.68-r2
2.68-r3
2.69-r0
2.69-r1
2.70-r0
2.71-r0
2.73-r0
2.76-r0
2.77-r0