Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail policies. The destination path was ignored entirely. This allowed any local process to bypass file-access protection by using rename, link, copyfile, exchangedata, or clone operations to place or replace files inside protected directories. This vulnerability is fixed in 5.0.4-beta-1f46165.

INFO

Published Date :

2026-04-10T20:19:35.909Z

Last Modified :

2026-04-10T20:19:35.909Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40191 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40191.

URL Resource
https://github.com/craigjbass/clearancekit/releases/tag/v5.0.4-1f46165 cve-icon cve-icon
https://github.com/craigjbass/clearancekit/security/advisories/GHSA-92f3-38m7-579h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability