CVE-2026-40191: CWE-863: Incorrect Authorization in craigjbass clearancekit
CVE-2026-40191 is an incorrect authorization vulnerability in clearancekit versions prior to 5.0.4-beta-1f46165 on macOS. The vulnerability arises because the software only checked the source path of dual-path file operations against access policies, ignoring the destination path. This allowed local processes with limited privileges to bypass file-access protections by performing operations such as rename, link, copyfile, exchangedata, or clone to place or replace files in protected directories. The issue is fixed in version 5.0.4-beta-1f46165. The vulnerability has a medium severity rating with a CVSS score of 6.8.
AI Analysis
Technical Summary
ClearanceKit is a macOS endpoint security tool that enforces per-process file access policies by intercepting file-system access events. Prior to version 5.0.4-beta-1f46165, its event handler only validated the source path in dual-path file operations against File Access Authorization rules and App Jail policies, neglecting to check the destination path. This flaw allowed local processes with limited privileges to circumvent file access restrictions by using file operations that affect both source and destination paths (e.g., rename, link, copyfile, exchangedata, clone) to place or overwrite files within protected directories. The vulnerability is identified as CWE-863 (Incorrect Authorization) and is resolved in version 5.0.4-beta-1f46165.
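As an added illustration of the flaw pattern (this is not ClearanceKit's code; the event fields, the policy layout, the operation list and every function name below are assumptions), here is a small Python model of a per-process file-access check, with a source-only version beside one that evaluates both paths of a dual-path operation and fails closed when the destination is missing:

```python
from dataclasses import dataclass
from posixpath import normpath
from typing import Dict, Optional, Set

# Assumption: these are the operations the advisory calls "dual-path"
# (each one names a second path that ends up written to).
DUAL_PATH_OPS = {"rename", "link", "copyfile", "exchangedata", "clone"}


@dataclass(frozen=True)
class FileEvent:
    """Constructed stand-in for an intercepted file-system event."""
    pid: int
    op: str
    source: str
    target: Optional[str] = None  # set only for dual-path operations


# Policy layout is an assumption: protected directory -> pids allowed to write there.
Policy = Dict[str, Set[int]]


def _protected_root(path: str, policy: Policy) -> Optional[str]:
    """Return the protected directory that contains `path`, if any.

    normpath collapses '..' and duplicate slashes so that a destination such as
    '/tmp/../Library/Protected/x' is still recognised as inside the protected tree.
    """
    clean = normpath(path)
    for root in policy:
        root_clean = normpath(root)
        if clean == root_clean or clean.startswith(root_clean.rstrip("/") + "/"):
            return root
    return None


def _path_allowed(pid: int, path: str, policy: Policy) -> bool:
    root = _protected_root(path, policy)
    return root is None or pid in policy[root]


def authorize_vulnerable(ev: FileEvent, policy: Policy) -> bool:
    """Flawed check in the shape the advisory describes: only the source path
    is evaluated, so the destination of a rename/link/copy is never examined."""
    return _path_allowed(ev.pid, ev.source, policy)


def authorize_fixed(ev: FileEvent, policy: Policy) -> bool:
    """Corrected check: for dual-path operations the caller must be allowed on
    both paths; a dual-path event without a destination is denied outright."""
    if ev.op in DUAL_PATH_OPS:
        if ev.target is None:
            return False  # fail closed on a malformed event
        return (_path_allowed(ev.pid, ev.source, policy)
                and _path_allowed(ev.pid, ev.target, policy))
    return _path_allowed(ev.pid, ev.source, policy)


# Constructed sample policy: only pid 100 may write under /Library/Protected.
SAMPLE_POLICY: Policy = {"/Library/Protected": {100}}


def evaluate(ev: FileEvent) -> Dict[str, bool]:
    """Run both checkers on one event so the difference is visible."""
    return {
        "vulnerable": authorize_vulnerable(ev, SAMPLE_POLICY),
        "fixed": authorize_fixed(ev, SAMPLE_POLICY),
    }


if __name__ == "__main__":
    # Constructed events: an unprivileged pid (200) and the permitted pid (100).
    events = [
        FileEvent(200, "rename", "/tmp/staged", "/Library/Protected/target"),
        FileEvent(200, "rename", "/tmp/staged", "/tmp/../Library/Protected/target"),
        FileEvent(200, "open", "/Library/Protected/target"),
        FileEvent(100, "clone", "/tmp/staged", "/Library/Protected/target"),
    ]
    for ev in events:
        print(ev.op, ev.source, "->", ev.target, evaluate(ev))
```

The only substantive difference between the two checkers is the second `_path_allowed` call on `ev.target`; a single-path event such as `open` is handled identically by both, which is why the source-only version looked correct in ordinary testing. Path normalisation before the prefix comparison is a defensive detail added here, not something the advisory attributes to the project.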
Potential Impact
An attacker with local, low-privilege access can bypass file access protections enforced by clearancekit on macOS, potentially placing or replacing files in directories that should be protected. This could lead to unauthorized modification or replacement of files, impacting system integrity or security. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade clearancekit to version 5.0.4-beta-1f46165 or later, where this vulnerability is fixed. The advisory records no remediation level beyond this version update, so upgrading to that version is the recommended remediation; verify with the vendor for the latest advisory and remediation guidance.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-09T20:59:17.620Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d95f431cc7ad14dae72c3f
Added to database: 4/10/2026, 8:36:19 PM
Last enriched: 4/10/2026, 8:50:48 PM
Last updated: 4/10/2026, 11:22:38 PM