toctou race condition

CVE-2026-4878 in libcap is a local privilege-escalation flaw rooted in a TOCTOU race condition inside cap_set_file(), and Microsoft’s Security Update Guide classifies the downstream impact as serious enough to include high availability loss in its risk framing. The core concern is that a local...

Background Microsoft’s entry for CVE-2026-27456 describes a TOCTOU race condition in util-linux mount(8) during loop device setup, and the key severity nuance is that exploitation is not purely opportunistic. Microsoft’s wording says a successful attack depends on conditions beyond the...

A subtle race condition in the OpenPMIx library can allow a local attacker to take ownership of arbitrary files when privileged PMIx code runs as UID 0 — a vulnerability tracked as CVE-2023-41915 that was fixed in PMIx 4.2.6 and 5.0.1 but continues to demand urgent attention from administrators...

A time‑of‑check/time‑of‑use (TOCTOU) race condition in the Windows Installer service has been cataloged as CVE‑2026‑20816 and is being treated as a high‑priority local elevation‑of‑privilege (EoP) vulnerability that can allow an authorized local account to escalate to administrative or SYSTEM...