diff --git a/net/FakeSocket.hpp b/net/FakeSocket.hpp
index 823680cbab..7144967f75 100644
--- a/net/FakeSocket.hpp
+++ b/net/FakeSocket.hpp
@@ -18,9 +18,12 @@
 #include <poll.h>
 
 #ifndef __linux__
-#ifndef SOCK_NONBLOCK
-#define SOCK_NONBLOCK 0x100
-#endif
+#  ifndef SOCK_NONBLOCK
+#    define SOCK_NONBLOCK 0x100
+#  endif
+#  ifndef SOCK_CLOEXEC
+#    define SOCK_CLOEXEC 0x200
+#  endif
 #endif
 
 void fakeSocketSetLoggingCallback(void (*)(const std::string&));
diff --git a/net/NetUtil.cpp b/net/NetUtil.cpp
index 4f5836cf73..b92ad191cd 100644
--- a/net/NetUtil.cpp
+++ b/net/NetUtil.cpp
@@ -119,7 +119,7 @@ connect(const std::string& host, const std::string& port, const bool isSSL,
 
             if (ai->ai_addrlen && ai->ai_addr)
             {
-                int fd = ::socket(ai->ai_addr->sa_family, SOCK_STREAM | SOCK_NONBLOCK, 0);
+                int fd = ::socket(ai->ai_addr->sa_family, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
                 if (fd < 0)
                 {
                     LOG_SYS("Failed to create socket");
diff --git a/net/Socket.cpp b/net/Socket.cpp
index d6859b184b..30d34cb92e 100644
--- a/net/Socket.cpp
+++ b/net/Socket.cpp
@@ -72,7 +72,7 @@ int Socket::createSocket(Socket::Type type)
     default: assert(!"Unknown Socket::Type"); break;
     }
 
-    return socket(domain, SOCK_STREAM | SOCK_NONBLOCK, 0);
+    return socket(domain, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
 #else
     (void) type;
     return fakeSocketSocket();
@@ -587,7 +587,7 @@ bool SocketPoll::insertNewUnixSocket(
     const std::vector<int>* shareFDs)
 {
     LOG_DBG("Connecting to local UDS " << location);
-    const int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
+    const int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
     if (fd < 0)
     {
         LOG_SYS("Failed to connect to unix socket at " << location);
@@ -889,7 +889,7 @@ std::shared_ptr<Socket> ServerSocket::accept()
 
     struct sockaddr_in6 clientInfo;
     socklen_t addrlen = sizeof(clientInfo);
-    const int rc = ::accept4(getFD(), (struct sockaddr *)&clientInfo, &addrlen, SOCK_NONBLOCK);
+    const int rc = ::accept4(getFD(), (struct sockaddr *)&clientInfo, &addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC);
 #else
     const int rc = fakeSocketAccept4(getFD());
 #endif
@@ -982,7 +982,7 @@ bool Socket::isLocal() const
 
 std::shared_ptr<Socket> LocalServerSocket::accept()
 {
-    const int rc = ::accept4(getFD(), nullptr, nullptr, SOCK_NONBLOCK);
+    const int rc = ::accept4(getFD(), nullptr, nullptr, SOCK_NONBLOCK | SOCK_CLOEXEC);
     try
     {
         LOG_DBG("Accepted prisoner socket #" << rc << ", creating socket object.");
diff --git a/test/helpers.hpp b/test/helpers.hpp
index 4bf568b146..e2d93e6a6b 100644
--- a/test/helpers.hpp
+++ b/test/helpers.hpp
@@ -271,7 +271,7 @@ inline int connectToLocalServer(int portNumber, int socketTimeOutMS, bool blocki
     int socketFD = 0;
     struct sockaddr_in serv_addr;
 
-    if ((socketFD = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    if ((socketFD = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
     {
         LOG_ERR("helpers::connectToLocalServer: Server client could not be created.");
         return -1;