CVE-2026-34218
Received Received - Intake
Startup Policy Enforcement Bypass in ClearanceKit macOS File Access

Publication date: 2026-03-31

Last updated on: 2026-04-06

Assigner: GitHub, Inc.

Description
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-06
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34218
EUVD
EUVD-2026-17484
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
craigjbass clearancekit to 4.2.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34218 is a vulnerability in ClearanceKit versions prior to 4.2.14 where, during startup, only a single compile-time baseline file-access rule was enforced. Managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with the GUI to trigger a policy update. This happened because the policy application functions were called before the Endpoint Security (ES) client was initialized, causing the system to operate with incomplete policy enforcement. Additionally, no cache clearing occurred on startup, which worsened the issue by serving cached authorization decisions that did not reflect the full policy set.

The vulnerability window could last indefinitely on systems where policies were rarely modified, including headless deployments, allowing unauthorized local processes to bypass managed and user-defined file-access policies.

Impact Analysis

During the vulnerability window at startup, all file-access paths protected by managed or user-defined rules were effectively unprotected, allowing any local process to read or write those files without restriction.

Only the baseline rule protecting ClearanceKit’s own policy storage directory was enforced, while jail rules were also not applied, permitting processes that should have been confined to operate without restrictions.

This can lead to unauthorized access and modification of sensitive files, posing a significant security risk especially in environments relying on ClearanceKit for access control.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade ClearanceKit to version 4.2.14 or later, where the issue has been patched.

The fix ensures that all managed and user-defined file-access policies are applied immediately at startup by calling policy application functions only after the Endpoint Security (ES) client is initialized.

Additionally, the fix issues an es_clear_cache command on the ES clients during startup to refresh the policy cache, preventing stale or incomplete policy enforcement.

Compliance Impact

This vulnerability allows unauthorized local processes to bypass managed and user-defined file-access policies until a policy mutation occurs. During the enforcement window, all file-access paths protected by managed or user-defined rules were effectively unprotected, allowing any process to read or write those files.

Such unauthorized access to protected files can lead to violations of confidentiality and integrity requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls to sensitive data.

Because the vulnerability could persist indefinitely on systems without frequent policy updates, it poses a significant risk of non-compliance with these regulations until the issue is patched or a policy mutation triggers enforcement.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart