CVE-2026-40191
Path Validation Bypass in ClearanceKit Enables Unauthorized File Access
Publication date: 2026-04-10
Last updated on: 2026-04-10
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| clearancekit | clearancekit | to 5.0.4-beta-1f46165 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ClearanceKit versions prior to 5.0.4-beta-1f46165 on macOS. ClearanceKit intercepts file-system access events and enforces access policies per process. However, its Endpoint Security event handler only checked the source path of dual-path file operations against access rules and policies, completely ignoring the destination path.
Because the destination path was not checked, a local process could bypass file-access protections by using operations such as rename, link, copyfile, exchangedata, or clone to place or replace files inside protected directories.
This flaw allowed unauthorized modification or placement of files in protected areas, which was fixed in version 5.0.4-beta-1f46165.
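The check described above, modelled as an added example that is not ClearanceKit's code and does not use the real libEndpointSecurity API: the event struct, event-type names, `PROTECTED_PREFIX` and the two `authorize_*` functions are stand-ins constructed for this illustration. `authorize_source_only` reproduces the flawed logic (only the source path is evaluated), while `authorize_all_paths` shows the corrected logic, which also evaluates the destination of every dual-path operation and denies a dual-path event that arrives without one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a file-system event as a policy engine would see it.
 * Constructed for this example; these are not the Endpoint Security types. */
typedef enum {
    EV_OPEN,          /* single-path operation: only source is meaningful  */
    EV_RENAME,        /* dual-path operations: source -> destination        */
    EV_LINK,
    EV_COPYFILE,
    EV_EXCHANGEDATA,
    EV_CLONE
} event_type_t;

typedef struct {
    event_type_t type;
    const char *source;       /* path the operation reads from or moves from      */
    const char *destination;  /* path it writes into; NULL for single-path events */
} fs_event_t;

/* Constructed policy: one protected directory prefix. */
static const char *const PROTECTED_PREFIX = "/Library/Protected/";

static bool path_is_protected(const char *path) {
    return path != NULL &&
           strncmp(path, PROTECTED_PREFIX, strlen(PROTECTED_PREFIX)) == 0;
}

static bool is_dual_path(event_type_t t) {
    return t == EV_RENAME || t == EV_LINK || t == EV_COPYFILE ||
           t == EV_EXCHANGEDATA || t == EV_CLONE;
}

/* Flawed handler: only the source path is evaluated, so an operation whose
 * destination lands inside the protected tree is allowed through. */
bool authorize_source_only(const fs_event_t *ev) {
    return !path_is_protected(ev->source);
}

/* Corrected handler: every path the operation touches is evaluated. A
 * dual-path event with no destination is treated as malformed and denied. */
bool authorize_all_paths(const fs_event_t *ev) {
    if (path_is_protected(ev->source)) return false;
    if (is_dual_path(ev->type)) {
        if (ev->destination == NULL) return false;
        if (path_is_protected(ev->destination)) return false;
    }
    return true;
}

int main(void) {
    /* Constructed sample events. */
    const fs_event_t events[] = {
        { EV_OPEN,     "/Library/Protected/config.plist", NULL },
        { EV_RENAME,   "/tmp/staging.plist", "/Library/Protected/config.plist" },
        { EV_CLONE,    "/tmp/a", "/tmp/b" },
    };
    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++) {
        printf("event %zu: source-only=%s all-paths=%s\n", i,
               authorize_source_only(&events[i]) ? "allow" : "deny",
               authorize_all_paths(&events[i])   ? "allow" : "deny");
    }
    return 0;
}
```

In the real Endpoint Security API the destination of a rename is delivered either as an existing file or as a directory plus a new filename, so the comparison must be made against the full resolved destination path rather than only the directory component.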
How can this vulnerability impact me?
This vulnerability can allow a local attacker or process with limited privileges to bypass file-access protections and place or replace files inside directories that are supposed to be protected.
Such unauthorized file modifications could lead to data integrity issues, unauthorized code execution, or compromise of system security by placing malicious files in sensitive locations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade ClearanceKit to version 5.0.4-beta-1f46165 or later, where the issue has been fixed.