CVE-2026-40604
Published:April 21, 2026
Updated:April 25, 2026
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any process running as root. While the extension is suspended, all AUTH Endpoint Security events time out and default to allow, silently disabling ClearanceKit's file-access policy enforcement for the duration of the suspension. This vulnerability is fixed in 5.0.6.
Affected Packages
https://github.com/craigjbass/clearancekit.git (GITHUB):
Affected version(s) >=v3.1-a563b4b <5.0.6Fix Suggestion:
Update to version 5.0.6github.com/craigjbass/clearancekit (SWIFT):
Affected version(s) >=v3.1-a563b4b <5.0.6Fix Suggestion:
Update to version 5.0.6Related ResourcesĀ (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Protection Mechanism Failure
EPSS
Base Score:
0.02
