Skip to main content
CVE-2026-21916 HIGH PATCH This Week

Symbolic link manipulation in Juniper Networks Junos OS CLI enables authenticated local attackers with low privileges to escalate to root access. Exploitation requires two users: the first performs a 'file link ...' CLI operation, then after the second user commits unrelated configuration changes, the first user can authenticate as root, achieving full system compromise. Affects Junos OS versions across 23.2, 23.4, 24.2, 24.4, and 25.2 release trains prior to specified patch levels. No public exploit identified at time of analysis.

Privilege Escalation Juniper
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-4878 HIGH PATCH This Week

Local privilege escalation in libcap's cap_set_file() function affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4, where a TOCTOU race condition allows an unprivileged user with write access to a parent directory to redirect file capability updates onto an attacker-controlled file. Successful exploitation can inject or strip Linux file capabilities on arbitrary executables, yielding full privilege escalation on the host. No public exploit identified at time of analysis and EPSS is 0.01%, but a vendor patch is available.

Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy