Vulnerability Details CVE-2026-40599
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple process in the global allowlist, and access all protected files. This vulnerability is fixed in 5.0.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.2%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2026-40599
-
cpe:2.3:a:craigjbass:clearancekit:*
-
cpe:2.3:o:apple:macos:-