PT-2026-34038 · Craigjbass · Clearancekit

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-40604

CVSS v4.0: 8.2 (High)

AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions: ClearanceKit versions prior to 5.0.6

Description: The opfilter Endpoint Security system extension (bundle ID 'uk.craigbass.clearancekit.opfilter') can be suspended using SIGSTOP or kill -STOP, or terminated using SIGKILL/SIGTERM, by any process with root privileges. When the extension is suspended, all AUTH Endpoint Security events time out and default to allow, which silently disables the enforcement of file-access policies.

Recommendations: Update to version 5.0.6.
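
A check for the suspended or absent state described above, as an added example that is not part of the advisory or of ClearanceKit. It assumes the extension's executable path contains its bundle ID and that input comes from `ps -axo pid=,state=,comm=`; the sample lines and the path in them are constructed.

```shell
#!/bin/sh
# Classify the opfilter extension's process state from ps output, so a
# monitoring job can alert when enforcement may be silently disabled.
# Assumption: the executable path contains the bundle ID from the advisory.
EXT_ID='uk.craigbass.clearancekit.opfilter'

# Constructed sample of `ps -axo pid=,state=,comm=` output (not real data).
SAMPLE_STOPPED='  412 Ss   /usr/libexec/endpointsecurityd
  977 Ts   /Library/SystemExtensions/EXAMPLE-UUID/uk.craigbass.clearancekit.opfilter.systemextension/Contents/MacOS/uk.craigbass.clearancekit.opfilter'

# Reads ps lines on stdin and prints one of:
#   "stopped <pid>"  the extension exists but is suspended (state starts with T)
#   "running <pid>"  the extension exists and is not suspended
#   "missing"        no matching process was listed
opfilter_state() {
    awk -v id="$EXT_ID" '
        index($0, id) {
            # A leading "T" in the ps state column marks a stopped process.
            if (substr($2, 1, 1) == "T") {
                print "stopped " $1
                found = 1
                exit
            }
            seen = $1
        }
        END {
            if (found) exit
            if (seen != "") print "running " seen
            else print "missing"
        }'
}

# Live use on the host being monitored:
#   ps -axo pid=,state=,comm= | opfilter_state
```

Treat both `stopped` and `missing` as alert conditions on hosts that have not yet been updated to 5.0.6.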

Fix

Weakness Enumeration: Protection Mechanism Failure

Related Identifiers: CVE-2026-40604

Affected Products: Clearancekit