Description
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.
Published: 2026-03-31
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File System Access
Action: Apply Patch
AI Analysis

Impact

ClearanceKit monitors file‑system activity on macOS and applies per‑process access rules. Before version 4.2.14, a startup condition left only a default rule active; policy rules delivered by mobile‑device management or set by a user were not enforced until a user interacted with the software through its GUI. During this window, applications could read or modify files that should have been blocked, allowing a local attacker to bypass the intended controls. This flaw represents a failure of access‑control enforcement.

Affected Systems

The problem affects macOS installations that run ClearanceKit by craigjbass prior to version 4.2.14. Any system that uses managed or user‑defined file‑access policies is vulnerable during startup or until a policy change is triggered.

Risk and Exploitability

The vulnerability carries a base score of 6.3, indicating moderate severity. An attacker with local access can exploit the gap by running or launching processes before the policy engine fully initializes. The issue is not currently listed in CISA’s Known Exploited Vulnerabilities catalog. A patch that activates rules immediately on startup has been released in version 4.2.14, removing the window of exposed access.

Generated by OpenCVE AI on March 31, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ClearanceKit to version 4.2.14 or later
  • Confirm that the new version is correctly installed and running
  • Verify that managed and user rules are enforced at startup


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Craigjbass; Craigjbass clearancekit
Vendors & Products | | Craigjbass; Craigjbass clearancekit

Tue, 31 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.
Title | | ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification
Weaknesses | | CWE-269
References | |
Metrics | | cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T15:18:12.722Z

Reserved: 2026-03-26T15:57:52.324Z

Link: CVE-2026-34218

Vulnrichment

Updated: 2026-04-02T15:18:03.648Z

NVD

Status : Awaiting Analysis

Published: 2026-03-31T16:16:31.670

Modified: 2026-04-02T16:16:23.180

Link: CVE-2026-34218

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:08Z
