CVE-2026-33632
Severity: HIGH
ClearanceKit: opfilter policy bypass via exchangedata and clone operations
Title source: cnaDescription
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types — ES_EVENT_TYPE_AUTH_EXCHANGEDATA and ES_EVENT_TYPE_AUTH_CLONE — were not intercepted by ClearanceKit's opfilter system extension, allowing local processes to bypass file access policies. Commit 6181c4a patches the vulnerability by subscribing to both event types and routing them through the existing policy evaluator. Users must upgrade to v4.2.4 or later and reactivate the system extension.
References (2)
x_refsource_confirm: https://github.com/craigjbass/clearancekit/security/advisories/GHSA-wpxj-vhfp-hhvm
x_refsource_misc: https://github.com/craigjbass/clearancekit/commit/6181c4a22eccbeca973c77f4bd023eb795c13786
Scores
CVSS v3: 7.8
EPSS: 0.0010
EPSS Percentile: 1.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-862
Status: published
Products (1)
craigjbass/clearancekit: < 4.2.4 (2 CPE variants)
Published: Mar 26, 2026
Tracked Since: Mar 27, 2026