← All CVEs

CVE-2026-53287

N/A

Published 2026-06-26 · Last modified 2026-06-26

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records __audit_log_capset() records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cap_pi (process inheritable) with the value of cap_effective instead of cap_inheritable. This silently corrupts audit data used for compliance and forensic analysis: an attacker who modifies inheritable capabilities to prepare for a privilege-escalating exec would have the change masked in the audit trail. The bug has been present since the original introduction of CAPSET audit records in 2008.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.2%chance of exploitation in 30 days · 7th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

CVSS · not scored

  • No impact metrics

Affected

Vendors Linux

Products Linux

Weakness (CWE)

Not classified.

CVSS vector

Not yet scored.

Sources: NVD · CVE.org · EPSS