CVE-2026-40604 HIGH

CVE-2026-40604: ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling file-access policy enforcement

Vendor Craigjbass
Product clearancekit
Weakness CWE-693
Published April 21, 2026
Last update April 21, 2026

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None (VC:N)
Integrity None (VI:N)
Availability High (VA:H)

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N

What the vulnerability does

Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any process running as root. While the extension is suspended, all AUTH Endpoint Security events time out and default to allow, silently disabling ClearanceKit's file-access policy enforcement for the duration of the suspension. This vulnerability is fixed in 5.0.6.

Key dates

Disclosure timeline

April 21, 2026 CVE published
April 21, 2026 Record updated

Related vulnerabilities

Related CVE