CVE-2026-40191
Received Received - Intake

Path Validation Bypass in ClearanceKit Enables Unauthorized File Access

Vulnerability report for CVE-2026-40191, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-10

Last updated on: 2026-04-10

Assigner: GitHub, Inc.

Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-10
Last Modified
2026-04-10
Generated
2026-07-06
AI Q&A
2026-04-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
clearancekit clearancekit to 5.0.4-beta-1f46165 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in ClearanceKit versions prior to 5.0.4-beta-1f46165 on macOS. ClearanceKit intercepts file-system access events and enforces access policies per process. However, its Endpoint Security event handler only checked the source path of dual-path file operations against access rules and policies, completely ignoring the destination path.

Because the destination path was not checked, a local process could bypass file-access protections by using operations such as rename, link, copyfile, exchangedata, or clone to place or replace files inside protected directories.

This flaw allowed unauthorized modification or placement of files in protected areas, which was fixed in version 5.0.4-beta-1f46165.

Impact Analysis

This vulnerability can allow a local attacker or process with limited privileges to bypass file-access protections and place or replace files inside directories that are supposed to be protected.

Such unauthorized file modifications could lead to data integrity issues, unauthorized code execution, or compromise of system security by placing malicious files in sensitive locations.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade ClearanceKit to version 5.0.4-beta-1f46165 or later, where the issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart