CVE-2026-40599

Vulnerability Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple process in the global allowlist, and access all protected files. This vulnerability is fixed in 5.0.5.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 22, 2026

CWE ID

CWE-863

Source

NVD

Vendor

craigjbass

Product

clearancekit

External References

https://github.com/craigjbass/clearancekit/security/advisories/GHSA-w253-42qp-5f2x

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment