CVE-2026-40191

N/A Unknown
Published: April 10, 2026 Modified: April 10, 2026
View on NVD

Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/craigjbass/clearancekit/releases/tag/v5.0.4-1f46165
Source: security-advisories@github.com
https://github.com/craigjbass/clearancekit/security/advisories/GHSA-92f3-38m7-579h
Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-863

Related CVEs

CVE-2026-40199 N/A
CVE-2026-40198 N/A
CVE-2026-33119 5.4
CVE-2026-33118 4.3
CVE-2026-5724 N/A