Vulnerability Description
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any process running as root. While the extension is suspended, all AUTH Endpoint Security events time out and default to allow, silently disabling ClearanceKit's file-access policy enforcement for the duration of the suspension. This vulnerability is fixed in 5.0.6.
CVSS Score
4.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Craigjbass | ClearanceKit | < 5.0.6 |
| Apple | macOS | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-40604?
CVE-2026-40604 is a vulnerability with a CVSS score of 4.4 (MEDIUM). ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearanceki...
How severe is CVE-2026-40604?
CVE-2026-40604 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40604?
Check the references section above for vendor advisories and patch information. Affected products include: Craigjbass ClearanceKit, Apple macOS.