Inheritable Capability Corruption in Linux Kernel Audit Records
CVE-2026-53287

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53287?

A vulnerability in the Linux kernel's audit logging system has been identified, where the process inheritable capability is incorrectly recorded due to a copy-paste error. This flaw results in audit records reporting the effective capability set instead of the intended inheritable set. Consequently, this can lead to the manipulation of the audit trail, allowing potential attackers to mask unauthorized changes to inheritable capabilities, thereby facilitating privilege escalation efforts without detection. This bug has persisted since the inception of CAPSET audit records in 2008, compromising the integrity of compliance and forensic analyses reliant on accurate audit data.

Affected Version(s)

Linux e68b75a027bb94066576139ee33676264f867b87 < 75bd76c9eb2de9afeca03dc5152ebca5fb8fc816

Linux e68b75a027bb94066576139ee33676264f867b87

Linux e68b75a027bb94066576139ee33676264f867b87 < 95de7bb4bf535a9288549d401ebde83cdcbf2792

References

https://git.kernel.org/stable/c/75bd76c9eb2de9afeca03dc51...

https://git.kernel.org/stable/c/febb4bf373ac565d3fb8d1f42...

https://git.kernel.org/stable/c/95de7bb4bf535a9288549d401...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53287 Data

JSON