CVE-2026-34218
Startup Policy Enforcement Bypass in ClearanceKit macOS File Access
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| craigjbass | clearancekit | < 4.2.14 (4.2.14 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34218 is a vulnerability in ClearanceKit versions prior to 4.2.14 where, during startup, only a single compile-time baseline file-access rule was enforced. Managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with the GUI to trigger a policy update. This happened because the policy application functions were called before the Endpoint Security (ES) client was initialized, causing the system to operate with incomplete policy enforcement. Additionally, no cache clearing occurred on startup, which worsened the issue by serving cached authorization decisions that did not reflect the full policy set.
The vulnerability window could last indefinitely on systems where policies were rarely modified, including headless deployments, allowing unauthorized local processes to bypass managed and user-defined file-access policies.
How can this vulnerability impact me?
During the vulnerability window at startup, all file-access paths protected by managed or user-defined rules were effectively unprotected, allowing any local process to read or write those files without restriction.
Only the baseline rule protecting ClearanceKit's own policy storage directory was enforced. Jail rules were likewise not applied, so processes that should have been confined could operate without restriction.
This can lead to unauthorized access and modification of sensitive files, posing a significant security risk especially in environments relying on ClearanceKit for access control.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade ClearanceKit to version 4.2.14 or later, where the issue has been patched.
The fix ensures that all managed and user-defined file-access policies are applied immediately at startup by calling policy application functions only after the Endpoint Security (ES) client is initialized.
Additionally, the fix issues an es_clear_cache command on the ES clients during startup to refresh the policy cache, preventing stale or incomplete policy enforcement.
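The startup ordering defect and the two-part fix described above, reduced to a runnable model. This is an added example, not ClearanceKit's code: the engine struct, its decision cache, and the es_client_start and es_clear_cache_model functions are constructed stand-ins for the real Endpoint Security client so the code runs without macOS. The file paths and rules are constructed, and the assumption that a rule application arriving before the ES client was up had no effect is the example's reading of the advisory, not a statement about the project's source.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_RULES 8
#define MAX_CACHE 16

typedef enum { ALLOW = 0, DENY = 1 } decision_t;

typedef struct {
    const char *prefix;   /* path prefix the rule protects */
    const char *source;   /* "baseline" (compiled in), "managed" (MDM), or "user" */
} rule_t;

typedef struct {
    bool es_ready;        /* stands in for a created and subscribed ES client */
    rule_t rules[MAX_RULES];
    int n_rules;
    struct { char path[256]; decision_t d; } cache[MAX_CACHE];
    int n_cache;          /* model of the ES authorization-result cache */
    int dropped;          /* rule applications that arrived before es_ready */
} engine_t;

/* Only the compile-time baseline rule exists when the engine is constructed. */
static void engine_create(engine_t *e) {
    memset(e, 0, sizeof *e);
    e->rules[e->n_rules++] = (rule_t){ "/Library/Application Support/ClearanceKit/", "baseline" };
}

/* Stand-in for bringing up the ES client (es_new_client + es_subscribe). */
static void es_client_start(engine_t *e) { e->es_ready = true; }

/* Assumption (constructed): applying rules before the client is up is a no-op. */
static void apply_rules(engine_t *e, const rule_t *rs, int n) {
    for (int i = 0; i < n; i++) {
        if (!e->es_ready || e->n_rules >= MAX_RULES) { e->dropped++; continue; }
        e->rules[e->n_rules++] = rs[i];
    }
}

/* Stand-in for es_clear_cache(): forget every cached decision. */
static void es_clear_cache_model(engine_t *e) { e->n_cache = 0; }

/* Deny when any loaded rule's prefix matches the path; otherwise allow. */
static decision_t evaluate(const engine_t *e, const char *path) {
    for (int i = 0; i < e->n_rules; i++)
        if (strncmp(path, e->rules[i].prefix, strlen(e->rules[i].prefix)) == 0)
            return DENY;
    return ALLOW;
}

/* Authorize like a cached ES AUTH handler: a cached decision is returned
 * as-is, otherwise the current rule set is consulted and the result cached. */
static decision_t authorize(engine_t *e, const char *path) {
    for (int i = 0; i < e->n_cache; i++)
        if (strcmp(e->cache[i].path, path) == 0) return e->cache[i].d;
    decision_t d = evaluate(e, path);
    if (e->n_cache < MAX_CACHE) {
        snprintf(e->cache[e->n_cache].path, sizeof e->cache[0].path, "%s", path);
        e->cache[e->n_cache++].d = d;
    }
    return d;
}

/* Constructed rules standing in for an MDM profile and a user's own policy. */
static const rule_t delivered_rules[] = {
    { "/Users/alice/Documents/Finance/", "managed" },
    { "/Users/alice/.ssh/", "user" },
};
#define N_DELIVERED 2

/* Pre-4.2.14 ordering as the advisory describes it: rules applied before the
 * ES client exists, so only the baseline rule is enforced afterwards. */
decision_t buggy_startup(const char *path) {
    engine_t e; engine_create(&e);
    apply_rules(&e, delivered_rules, N_DELIVERED);   /* too early: dropped */
    es_client_start(&e);
    return authorize(&e, path);
}

/* Correct ordering but no cache clear: a decision cached for an event that
 * raced ahead of rule loading keeps being served after the rules arrive. */
decision_t reordered_without_clear(const char *path) {
    engine_t e; engine_create(&e);
    es_client_start(&e);
    (void)authorize(&e, path);                       /* early event, cached ALLOW */
    apply_rules(&e, delivered_rules, N_DELIVERED);
    return authorize(&e, path);                      /* stale cache hit */
}

/* 4.2.14 ordering: client first, then rules, then es_clear_cache. */
decision_t fixed_startup(const char *path) {
    engine_t e; engine_create(&e);
    es_client_start(&e);
    (void)authorize(&e, path);                       /* same early event */
    apply_rules(&e, delivered_rules, N_DELIVERED);
    es_clear_cache_model(&e);
    return authorize(&e, path);
}

int main(void) {
    const char *p = "/Users/alice/.ssh/id_ed25519";
    printf("buggy startup:       %s\n", buggy_startup(p) == DENY ? "deny" : "allow");
    printf("reordered, no clear: %s\n", reordered_without_clear(p) == DENY ? "deny" : "allow");
    printf("fixed startup:       %s\n", fixed_startup(p) == DENY ? "deny" : "allow");
    return 0;
}
```

The three scenarios separate the two halves of the fix: moving the policy application after client initialization closes the window in which managed and user rules were silently dropped, and the cache clear is what stops decisions made against the incomplete rule set from outliving it.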
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized local processes to bypass managed and user-defined file-access policies until a policy mutation occurs. During that vulnerability window, all file-access paths protected by managed or user-defined rules were effectively unprotected, allowing any process to read or write those files.
Such unauthorized access to protected files can lead to violations of confidentiality and integrity requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict access controls to sensitive data.
Because the vulnerability could persist indefinitely on systems without frequent policy updates, it poses a significant risk of non-compliance with these regulations until the issue is patched or a policy mutation triggers enforcement.