Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionGitHub Advisory
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any process running as root. While the extension is suspended, all AUTH Endpoint Security events time out and default to allow, silently disabling ClearanceKit's file-access policy enforcement for the duration of the suspension. This vulnerability is fixed in 5.0.6.
AnalysisAI
Local privilege escalation in ClearanceKit opfilter system extension allows root-level processes on macOS to completely bypass file-access policy enforcement by suspending or killing the Endpoint Security extension. An attacker with root access can send SIGSTOP to the uk.craigbass.clearancekit.opfilter extension, causing all AUTH events to time out and silently default to allow, effectively disabling all ClearanceKit file-access controls. This represents a critical security control bypass for environments relying on ClearanceKit for file-system access restrictions. Fixed in version 5.0.6. No public exploit identified at time of analysis, though exploitation is straightforward for any attacker who has already achieved root access on the macOS system.
Technical ContextAI
ClearanceKit implements a macOS Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) that intercepts file-system access events and enforces per-process access policies. The vulnerability stems from insufficient protection against signal-based process control (CWE-693: Protection Mechanism Failure). macOS Endpoint Security extensions handle authorization events synchronously - when the extension is suspended via SIGSTOP or terminated with SIGKILL/SIGTERM, pending AUTH events time out. The macOS Endpoint Security framework defaults to 'allow' on timeout to prevent system deadlock, creating a fail-open condition. This design means that any process running with root privileges can effectively disable the security extension by suspending its execution, causing all file-access policy checks to silently pass. The CVSS 4.0 vector indicates local attack (AV:L), low complexity (AC:L), high privileges required (PR:H), but critically high impact on subsequent system confidentiality and integrity (SC:H/SI:H), reflecting the scope change from compromising the extension to bypassing system-wide access controls.
RemediationAI
Upgrade ClearanceKit to version 5.0.6 or later, which implements proper protection against signal-based attacks on the opfilter system extension. The update can be obtained from the vendor's GitHub repository referenced in the security advisory at https://github.com/craigjbass/clearancekit/security/advisories/GHSA-5r9w-9fg6-266q. For environments unable to immediately upgrade, implement compensating controls by restricting which processes can run with root privileges through mandatory access controls external to ClearanceKit (such as TCC restrictions or third-party privilege management solutions), though this has limited effectiveness since the vulnerability itself requires root access. Monitor system logs for unexpected termination or suspension of the opfilter extension process (look for SIGSTOP/SIGKILL/SIGTERM events against processes with bundle ID uk.craigbass.clearancekit.opfilter), which may indicate exploitation attempts, though legitimate administrative actions could also trigger these signals. Note that there is no effective workaround that preserves both ClearanceKit functionality and prevents this bypass - the only complete remediation is upgrading to the patched version.
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24213