{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34218", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-26T15:57:52.324Z", "datePublished": "2026-03-31T15:13:03.641Z", "dateUpdated": "2026-04-02T15:18:12.722Z"}, "containers": {"cna": {"title": "ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-fpmv-5wgw-qhhr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-fpmv-5wgw-qhhr"}, {"name": "https://github.com/craigjbass/clearancekit/commit/56d617b778c571e3c29b803636d9807940992daa", "tags": ["x_refsource_MISC"], "url": "https://github.com/craigjbass/clearancekit/commit/56d617b778c571e3c29b803636d9807940992daa"}, {"name": "https://github.com/craigjbass/clearancekit/commit/ddfdacb2633681bbd9c2f41dbd536ea039386628", "tags": ["x_refsource_MISC"], "url": "https://github.com/craigjbass/clearancekit/commit/ddfdacb2633681bbd9c2f41dbd536ea039386628"}], "affected": [{"vendor": "craigjbass", "product": "clearancekit", "versions": [{"version": "< 4.2.14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T15:13:03.641Z"}, "descriptions": [{"lang": "en", "value": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14."}], "source": {"advisory": "GHSA-fpmv-5wgw-qhhr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:17:24.771440Z", "id": "CVE-2026-34218", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:18:12.722Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-34218", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:17:24.771440Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:18:03.648Z"}}], "cna": {"title": "ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification", "source": {"advisory": "GHSA-fpmv-5wgw-qhhr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "craigjbass", "product": "clearancekit", "versions": [{"status": "affected", "version": "< 4.2.14"}]}], "references": [{"url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-fpmv-5wgw-qhhr", "name": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-fpmv-5wgw-qhhr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/craigjbass/clearancekit/commit/56d617b778c571e3c29b803636d9807940992daa", "name": "https://github.com/craigjbass/clearancekit/commit/56d617b778c571e3c29b803636d9807940992daa", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/craigjbass/clearancekit/commit/ddfdacb2633681bbd9c2f41dbd536ea039386628", "name": "https://github.com/craigjbass/clearancekit/commit/ddfdacb2633681bbd9c2f41dbd536ea039386628", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T15:13:03.641Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34218", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:18:12.722Z", "dateReserved": "2026-03-26T15:57:52.324Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T15:13:03.641Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:craigjbass:clearancekit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F20C94B6-2258-4687-93B0-D09E08F23C03", "versionEndExcluding": "4.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14."}], "id": "CVE-2026-34218", "lastModified": "2026-04-06T15:04:33.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T16:16:31.670", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/craigjbass/clearancekit/commit/56d617b778c571e3c29b803636d9807940992daa"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/craigjbass/clearancekit/commit/ddfdacb2633681bbd9c2f41dbd536ea039386628"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-fpmv-5wgw-qhhr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.2.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "clearancekit", "source": "cna", "vendor": "craigjbass"}, "product": "clearancekit", "vendor": "craigjbass"}], "analysis": {"en": {"generated_at": "2026-04-06T17:44:24.457890+00:00", "value": {"mitigation_remediation": ["Update ClearanceKit to version\u202f4.2.14 or later, which includes the patch for the policy\u2011enforcement defect.", "Verify the installed clearancekit version to confirm the update.", "As a temporary measure, disable ClearanceKit or restrict its runtime until the patch is applied.", "Review file\u2011system access logs for any unauthorized activity during the vulnerable window."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the macOS version of ClearanceKit distributed by craigjbass. Any installation prior to version\u202f4.2.14 is affected. The product is used to enforce per\u2011process file\u2011system access controls.", "description_and_impact": "ClearanceKit intercepts file\u2011system access events on macOS. Prior to version\u202f4.2.14 the opfilter started enforcing only a single compile\u2011time baseline rule, leaving all MDM\u2011delivered and user\u2011defined file\u2011access policies inactive until the user first interacted with the GUI. This allowed processes to read, write, or delete files outside the intended scope, potentially enabling data theft or manipulation. The weakness is a privilege escalation issue (CWE\u2011269).", "risk_and_exploitability": "The CVSS base score is 6.3, indicating moderate severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need local access to a macOS machine running ClearanceKit before the policy is modified, and can exploit the window between service start and first GUI interaction to access files that should be protected."}}}}, "created": "2026-03-31T19:54:12.623379+00:00", "updated": "2026-04-07T08:08:03.302864+00:00", "vendors": ["craigjbass", "craigjbass$PRODUCT$clearancekit"]}