CVE-2026-40191: CWE-863: Incorrect Authorization in craigjbass clearancekit
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.
AI Analysis
Technical Summary
ClearanceKit versions before 5.0.4-beta-1f46165 on macOS enforce per-process file access policies by intercepting file-system access events. However, the Endpoint Security event handler only validated the source path against File Access Authorization rules and App Jail policies during dual-path file operations, neglecting to check the destination path. This flaw permitted local processes with limited privileges to circumvent file access restrictions by using file operations such as rename, link, copyfile, exchangedata, or clone to place or overwrite files within protected directories. The vulnerability is addressed in version 5.0.4-beta-1f46165.
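The source-only check described above, set beside a check that evaluates both paths, as an added example in C (not ClearanceKit's code). `rule_t`, `dual_event_t`, the two `authorize_*` functions and the sample policy are hypothetical, and paths are assumed to be already canonical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical rule: only allowed_proc may touch anything under protected_dir. */
typedef struct { const char *protected_dir; const char *allowed_proc; } rule_t;
/* Hypothetical dual-path event (rename, link, copyfile, exchangedata, clone). */
typedef struct { const char *proc; const char *src; const char *dst; } dual_event_t;

/* Constructed sample policy, not taken from the advisory. */
static const rule_t RULES[] = {
    { "/Users/alice/Secrets", "/Applications/Vault.app/Contents/MacOS/Vault" },
};

/* True when path is dir or lies beneath it; matches on a component boundary. */
static bool path_within(const char *path, const char *dir) {
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Deny when a rule covers the path and the process is not the allowed one. */
static bool path_allowed(const char *proc, const char *path) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (path_within(path, RULES[i].protected_dir) &&
            strcmp(proc, RULES[i].allowed_proc) != 0)
            return false;
    return true;
}

/* Flawed decision as the advisory describes it: dst is never consulted. */
bool authorize_source_only(const dual_event_t *ev) {
    return path_allowed(ev->proc, ev->src);
}

/* Corrected decision: both paths must pass; a missing path fails closed. */
bool authorize_both_paths(const dual_event_t *ev) {
    if (!ev->src || !ev->dst) return false;
    return path_allowed(ev->proc, ev->src) && path_allowed(ev->proc, ev->dst);
}

int main(void) {
    /* Constructed event: unlisted process renames a file into the protected dir. */
    dual_event_t ev = { "/usr/bin/mv", "/tmp/new.txt", "/Users/alice/Secrets/notes.txt" };
    printf("source-only check allows: %d\n", authorize_source_only(&ev));
    printf("both-path check allows:   %d\n", authorize_both_paths(&ev));
    return 0;
}
```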
Potential Impact
Exploitation of this vulnerability allows a local process with limited privileges to bypass file access protections and place or replace files inside directories that should be protected by ClearanceKit policies. This could lead to unauthorized modification or replacement of files within protected directories, potentially undermining system integrity or security controls. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix for this vulnerability is available in clearancekit version 5.0.4-beta-1f46165. Users should upgrade to this version or later to remediate the issue. Since the vendor advisory does not specify any temporary workarounds or alternative mitigations, applying the official update is the recommended action.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-09T20:59:17.620Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d95f431cc7ad14dae72c3f
Added to database: 4/10/2026, 8:36:19 PM
Last enriched: 4/18/2026, 2:04:28 PM
Last updated: 5/26/2026, 1:42:08 AM