PT-2026-32041 · Unknown · Clearancekit

Published 2026-04-10 · Updated 2026-04-11 · CVE-2026-40191

CVSS v4.0: 6.8 Medium

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ClearanceKit versions prior to 5.0.4-beta-1f46165

Description

ClearanceKit monitors file system access on macOS and applies access policies per process. Before version 5.0.4-beta-1f46165, the Endpoint Security event handler only verified the source path of file operations (rename, link, copyfile, exchangedata, clone) against File Access Authorization (FAA) rules and App Jail policies, neglecting the destination path. This allowed local processes to circumvent file access restrictions by placing or replacing files within protected directories.

Recommendations

Update to version 5.0.4-beta-1f46165 or later.
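
The authorization gap described above, as an added example that is not ClearanceKit's code: a C model of a two-path operation evaluated against a protected-directory rule, first by source only and then by source and destination. The `file_op` and `rule` types, the rule contents, process names and paths are all constructed for illustration, and paths are assumed to be already canonical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a two-path operation (rename, link, copyfile,
 * exchangedata, clone). Not ClearanceKit's or Endpoint Security's types. */
typedef struct { const char *source; const char *destination; } file_op;

/* Hypothetical rule: only `allowed_process` may touch paths under `prefix`. */
typedef struct { const char *prefix; const char *allowed_process; } rule;

/* Constructed sample policy. */
static const rule RULES[] = {
    { "/Users/alice/Protected/", "trusted-editor" },
};

/* True when `path` is under a protected prefix that `process` may not use.
 * Assumes `path` is already canonical (no "..", no unresolved symlinks). */
static bool path_denied(const char *process, const char *path) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (strncmp(path, RULES[i].prefix, strlen(RULES[i].prefix)) == 0 &&
            strcmp(process, RULES[i].allowed_process) != 0)
            return true;
    }
    return false;
}

/* Behaviour the advisory describes before the fix: source path only. */
static bool allow_source_only(const char *process, const file_op *op) {
    return !path_denied(process, op->source);
}

/* Corrected decision: every path the operation touches must pass. */
static bool allow_both_paths(const char *process, const file_op *op) {
    return !path_denied(process, op->source) &&
           !path_denied(process, op->destination);
}

int main(void) {
    /* Constructed case: file moved from an unprotected directory into a protected one. */
    file_op op = { "/tmp/staged.plist", "/Users/alice/Protected/config.plist" };
    printf("source-only check allows: %d\n", allow_source_only("untrusted", &op));
    printf("both-path check allows:   %d\n", allow_both_paths("untrusted", &op));
    return 0;
}
```

A regression test for this class of bug should cover each two-path operation type with the protected path on the destination side, not only on the source side.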

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-40191

Affected Products

Clearancekit