Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: libcap

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-4878
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 5 days, 2 hours ago
Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

Affected products

rhcos
libcap
compat-libcap1

Matching in nixpkgs

pkgs.libcap

Library for working with POSIX capabilities

  • nixos-unstable 2.77
    • nixpkgs-unstable 2.77
    • nixos-unstable-small 2.77
  • nixos-25.11 2.77
    • nixos-25.11-small 2.77
    • nixpkgs-25.11-darwin 2.77

pkgs.libcap_ng

Library for working with POSIX capabilities

  • nixos-unstable 0.9
    • nixpkgs-unstable 0.9
    • nixos-unstable-small 0.9
  • nixos-25.11 0.8.5
    • nixos-25.11-small 0.8.5
    • nixpkgs-25.11-darwin 0.8.5

pkgs.libcaption

Free open-source CEA608 / CEA708 closed-caption encoder/decoder

  • nixos-unstable 0.8
    • nixpkgs-unstable 0.8
    • nixos-unstable-small 0.8
  • nixos-25.11 0.8
    • nixos-25.11-small 0.8
    • nixpkgs-25.11-darwin 0.8

Package maintainers