In the Linux kernel, the following vulnerability has been resolved:
audit: fix incorrect inheritable capability in CAPSET records
_auditlogcapset() records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi (process inheritable) with the value of capeffective instead of capinheritable.
This silently corrupts audit data used for compliance and forensic analysis: an attacker who modifies inheritable capabilities to prepare for a privilege-escalating exec would have the change masked in the audit trail.
The bug has been present since the original introduction of CAPSET audit records in 2008.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53287.json",
"cna_assigner": "Linux"
}