CVE-2026-40191

ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

Assigner: GitHub_M
Reserved: 09.04.2026 Published: 10.04.2026 Updated: 10.04.2026

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	craigjbass
Product	clearancekit
Versions	Version < 5.0.4-beta-1f46165 is affected

Vendor

craigjbass

Product

clearancekit

Versions

Version < 5.0.4-beta-1f46165 is affected

References

Problem Types

CWE-863: Incorrect Authorization CWE

CVE-2026-40191 PUBLISHED

ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

Metrics

Product Status

References

Problem Types