Platform: macos
Component: clearancekit
Fixed in: 5.0.5
ClearanceKit is a macOS tool that intercepts file-system operations and enforces access policies on them, hardening the applications it protects. A vulnerability existed where the Endpoint Security event handler failed to validate the destination path in dual-path file operations, enabling local processes to circumvent file-access protection. This issue impacts versions 0.0.0 through 5.0.4-beta-1f46165, and a patch is available in version 5.0.4-beta-1f46165.
CVE-2026-40191 affects ClearanceKit, a macOS security tool that controls file access. Prior to version 5.0.4-beta-1f46165, ClearanceKit’s Endpoint Security event handler checked only the source path of dual-path file operations (such as rename, link, copyfile, exchangedata, or clone) against File Access Authorization (FAA) rules and App Jail policies; the destination path was ignored. This allowed any local process to bypass file-access protection by moving or replacing files. An attacker could, for example, copy a malicious file into a protected location, evading ClearanceKit’s access restrictions. The risk is particularly high in environments where ClearanceKit is used to harden sensitive applications or processes.
The vulnerability is exploited by leveraging the missing destination-path validation in dual-path file operations. A local attacker with system access can use commands like mv, ln, cp, exchangedata, or clone to move or replace files in protected locations, bypassing ClearanceKit’s protections. No network access is required, which makes the issue particularly concerning in local environments. Exploitation complexity is low, as the necessary commands are standard on macOS. The likelihood of exploitation is high, given ClearanceKit’s use in security-sensitive environments and the ease of exploitation.
Exploit Status
EPSS: 0.01% (percentile: 3%)
CISA SSVC: (not provided)
The solution for CVE-2026-40191 is to update ClearanceKit to version 5.0.4-beta-1f46165 or later. This update corrects the vulnerability by including the destination path in file-access checks. Apply the update as soon as possible, especially on systems where ClearanceKit protects critical data or processes, and verify the integrity of the downloaded update to ensure it has not been tampered with. Additionally, review your FAA and App Jail policies to confirm they are configured to mitigate any residual risk. The update is available through ClearanceKit’s regular distribution channels.
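To make the flaw and its fix concrete, the following is an added example (not ClearanceKit's code, and not the real Endpoint Security client API) that models the policy decision an Endpoint Security AUTH handler has to make for a dual-path event. Endpoint Security reports such a destination either as an existing file or as a (directory, filename) pair, so the example joins the latter form before checking it. The protected prefixes and sample paths are constructed for illustration; `verdict_source_only` reproduces the pre-fix behaviour described above (only the source path is consulted), and `verdict_both_paths` the corrected behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative policy: paths under these prefixes are protected.
 * The prefixes are constructed sample values, not ClearanceKit configuration. */
static const char *const PROTECTED_PREFIXES[] = {
    "/Users/alice/Library/Application Support/SecretApp/",
    "/Users/alice/Documents/Vault/",
};
#define N_PROTECTED (sizeof PROTECTED_PREFIXES / sizeof PROTECTED_PREFIXES[0])

typedef enum { VERDICT_ALLOW = 0, VERDICT_DENY = 1 } verdict_t;

/* True if path lies under a protected prefix. A real policy engine must
 * canonicalize first (resolve symlinks, "..", trailing slashes); the inputs
 * here are assumed to be absolute and already normalized. */
static bool is_protected(const char *path) {
    for (size_t i = 0; i < N_PROTECTED; i++) {
        size_t n = strlen(PROTECTED_PREFIXES[i]);
        if (strncmp(path, PROTECTED_PREFIXES[i], n) == 0) return true;
    }
    return false;
}

/* Destinations reported as (directory, filename) must be joined into a
 * single path before the policy check, otherwise the filename half is
 * silently dropped from the decision. Returns false on truncation. */
static bool join_destination(const char *dir, const char *filename,
                             char *out, size_t outlen) {
    size_t dl = strlen(dir);
    bool need_slash = (dl == 0 || dir[dl - 1] != '/');
    int n = snprintf(out, outlen, "%s%s%s", dir, need_slash ? "/" : "", filename);
    return n >= 0 && (size_t)n < outlen;
}

/* Pre-fix behaviour: only the source path is consulted. The destination
 * is ignored, so writing into a protected location from an unprotected
 * source is allowed. */
verdict_t verdict_source_only(const char *src, const char *dst) {
    (void)dst;
    return is_protected(src) ? VERDICT_DENY : VERDICT_ALLOW;
}

/* Fixed behaviour: a dual-path operation (rename, link, copyfile,
 * exchangedata, clone) is denied if EITHER endpoint is protected. */
verdict_t verdict_both_paths(const char *src, const char *dst) {
    return (is_protected(src) || is_protected(dst)) ? VERDICT_DENY : VERDICT_ALLOW;
}

/* Same check for a destination given as (directory, filename). A join
 * failure is treated as DENY: fail closed rather than skip the check. */
verdict_t verdict_new_path(const char *src, const char *dst_dir, const char *dst_name) {
    char dst[1024];
    if (!join_destination(dst_dir, dst_name, dst, sizeof dst)) return VERDICT_DENY;
    return verdict_both_paths(src, dst);
}

int main(void) {
    /* Constructed sample: an unprotected file copied over a protected one. */
    const char *src = "/tmp/unprotected_file";
    const char *dst = "/Users/alice/Documents/Vault/config.plist";
    printf("source-only check: %s\n",
           verdict_source_only(src, dst) == VERDICT_ALLOW ? "ALLOW (bypass)" : "DENY");
    printf("both-path check:   %s\n",
           verdict_both_paths(src, dst) == VERDICT_ALLOW ? "ALLOW" : "DENY");
    return 0;
}
```

The point of the example is the asymmetry: the source-only check allows an operation whose destination is protected, which is exactly the bypass the advisory describes, while the both-path check denies it. The join step is included because an AUTH handler that only checks the directory component of a new-path destination would still let an attacker pick a protected filename.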
Update ClearanceKit to version 5.0.4-beta-1f46165 or later to correct the vulnerability. This update fixes how ClearanceKit handles dual-path file-access events, ensuring that both the source and the destination path are checked against the access policies.
ClearanceKit is a macOS security tool that controls file access and hardens the security of applications.
While no active exploits have been reported, the vulnerability is easily exploitable and represents a potential risk.
Review your FAA and App Jail policies to mitigate any residual risk. Monitor your system for suspicious activity.
The vulnerability affects macOS systems running ClearanceKit versions prior to 5.0.4-beta-1f46165.