Platform: macOS
Component: clearancekit
Fixed in: 4.2.1
CVE-2026-33631 describes a file access policy bypass vulnerability in ClearanceKit. This flaw allows locally running processes to circumvent configured file access policies, potentially leading to unauthorized data access or modification. This affects ClearanceKit versions on the 4.1 branch and earlier (<=4.2). The issue is resolved in ClearanceKit version 4.2.
CVE-2026-33631 in ClearanceKit, a macOS security tool, allows local processes to bypass configured file access policies. ClearanceKit utilizes an 'opfilter' system extension to intercept and control file access. Previously, it only intercepted 'ES_EVENT_TYPE_AUTH_OPEN' events, ignoring seven additional file operation event types. This meant a malicious process on the system could access files without ClearanceKit detecting or preventing it, violating configured access control policies. The CVSS severity is 8.7, indicating a high risk. This vulnerability affects ClearanceKit versions on the 4.1 branch and earlier.
A local attacker with access to the vulnerable macOS system can exploit this vulnerability. The attacker can create a malicious process that performs file operations not intercepted by ClearanceKit in affected versions. This allows the attacker to read, write, or modify files without proper authorization, potentially compromising the confidentiality, integrity, or availability of data. The lack of detection by ClearanceKit makes it difficult to identify and prevent this type of attack. The complexity of exploitation is relatively low, requiring only the execution of a local process.
EPSS: 0.01% (2% percentile)
The solution to CVE-2026-33631 is to update ClearanceKit to the latest version (post 4.1 branch). The update includes subscriptions for all seven previously ignored file operation event types. This ensures ClearanceKit correctly intercepts and applies file access policies for all operations, mitigating the risk of bypass. Users of ClearanceKit are strongly advised to update their software as soon as possible to protect their systems from potential attacks. Check the ClearanceKit release page for the latest update instructions.
Update ClearanceKit to version 4.2 or later. This version fixes the vulnerability by intercepting all file system access event types and applying the configured access policy.
ClearanceKit is a macOS security tool that intercepts and controls file access, enforcing access control policies.
ClearanceKit versions on the 4.1 branch and earlier are affected by this vulnerability.
Update to the latest available version on the ClearanceKit release page. Follow the provided instructions for the update.
If you cannot update immediately, consider implementing additional security measures, such as strengthening access control policies and monitoring system activity for suspicious behavior.
While there isn't a specific tool, verifying the installed ClearanceKit version is sufficient to determine whether a system is vulnerable.