Skip to main content

Apple EUVDEUVD-2026-17484

| CVE-2026-34218 MEDIUM
Improper Privilege Management (CWE-269)
2026-03-31 GitHub_M
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.2.14
EUVD ID Assigned
Mar 31, 2026 - 15:31 euvd
EUVD-2026-17484
Analysis Generated
Mar 31, 2026 - 15:31 vuln.today
CVE Published
Mar 31, 2026 - 15:13 nvd
MEDIUM 6.3

DescriptionGitHub Advisory

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.

AnalysisAI

ClearanceKit on macOS fails to enforce managed and user-defined file-access policies during startup, allowing local processes to bypass intended access controls until GUI interaction triggers policy reloading. The vulnerability affects ClearanceKit versions prior to 4.2.14, where two startup defects create a window in which only a hardcoded baseline rule is enforced, leaving the system vulnerable to privilege escalation and unauthorized file access. This issue is not confirmed actively exploited, but the trivial attack vector (local, no authentication) and high integrity/system impact make it a meaningful risk for systems relying on ClearanceKit for file-access enforcement.

Technical ContextAI

ClearanceKit is a macOS kernel extension or system service that implements per-process file-system access policies through an opfilter enforcement mechanism. The vulnerability stems from initialization logic in two distinct startup code paths that fail to load and activate managed (MDM-delivered) policies and user-defined rules at boot time. Instead, only a single compile-time baseline rule is enforced until a user manually interacts with the policy GUI, which triggers a policy mutation event over XPC (inter-process communication). This is rooted in CWE-269 (Improper Control of Resource Identifiers), indicating the system fails to correctly enforce its own intended access control mechanisms. The affected product is identified by CPE cpe:2.3:a:craigjbass:clearancekit:*:*:*:*:*:*:*:* across all versions prior to 4.2.14.

RemediationAI

Vendor-released patch: ClearanceKit 4.2.14. Update to version 4.2.14 or later, which fixes the two startup defects and ensures managed and user-defined policies are enforced immediately at boot time without requiring GUI interaction. The fixes are tracked in commits 56d617b778c571e3c29b803636d9807940992daa and ddfdacb2633681bbd9c2f41dbd536ea039386628 in the upstream repository at https://github.com/craigjbass/clearancekit. For systems unable to update immediately, minimize the startup window by logging in and opening the ClearanceKit GUI immediately after boot to trigger policy loading; however, this is a workaround and not a substitute for patching. MDM administrators should prioritize updating ClearanceKit across managed devices to restore intended file-access policy enforcement from boot time.

Share

EUVD-2026-17484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy