Severity: Unknown
Affected Package: kernel
Summary: sigqueue(2) is not restricted in capability mode
A process in Capsicum capability mode could use sigqueue(2) to send signals to processes other than itself, even though kill(2) was already restricted in this way. This allowed a sandboxed process to signal arbitrary processes. The fix rejects sigqueue(2) calls that target other PIDs with ECAPMODE before the normal signal permission checks.
No specific recommendations provided.
Aliases: CVE-2026-45259
Published: June 11, 2026
Last Modified: June 11, 2026