NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-40599

Summary	ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple process in the global allowlist, and access all protected files. This vulnerability is fixed in 5.0.5.
Publication Date	April 22, 2026, 3:16 a.m.
Registration Date	April 25, 2026, 4:03 a.m.
Last Update	April 23, 2026, 6:24 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/craigjbass/clearancekit/security/advisories/GHSA-w253-42qp-5f2x	security-advisories@github.com
2	https://github.com/craigjbass/clearancekit/security/advisories/GHSA-w253-42qp-5f2x	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List