CVE-2026-33631

Source
https://cve.org/CVERecord?id=CVE-2026-33631
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33631.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33631
Aliases
  • GHSA-25f8-8cj2-m887
Published
2026-03-26T19:30:30.379Z
Modified
2026-07-08T08:13:19.093042Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
Summary
ClearanceKit: opfilter policy bypass via non-open file operations
Details

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file operation event types were not intercepted, allowing any locally running process to bypass the configured FAA policy without triggering a denial. Commit a3d1733 adds subscriptions for all seven event types and routes them through the existing FAA policy evaluator. AUTHRENAME and AUTHUNLINK additionally preserve XProtect change detection: events on the XProtect path are allowed and trigger the existing onXProtectChanged callback rather than being evaluated against user policy. All versions on the 4.2 branch contain the fix. No known workarounds are available.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "4.2"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33631.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/craigjbass/clearancekit

Affected ranges

Type
GIT
Repo
https://github.com/craigjbass/clearancekit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v3.*
v3.1-1480877
v3.1-1c065f7
v3.1-2bc8773
v3.1-34107d6
v3.1-56cf8aa
v3.1-781fe68
v3.1-9444cb6
v3.1-962116d
v3.1-9ae9a1e
v3.1-a563b4b
v3.1-b616763
v3.1-bab7abf
v3.1-def8687
v3.1-f48c585
v3.1-f9c7713
v3.2-9bb23fd
v3.3-9bb62a6
v4.*
v4.0-19126ba
v4.0-2ccd30f
v4.0-3f01958
v4.0-5a0de89
v4.0-8fc8884
v4.0-b574aa3
v4.0-c828d5e
v4.0-db67c62
v4.0-e2705e0
v4.0-eca88d7
v4.0-f8c9232
v4.1-16a3e37
v4.1-3594f78
v4.1-6bcaabe
v4.1-8386ae0
v4.1-981728f
v4.1-df4a170
v4.1-dfed70f
v4.1-fd5fab3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33631.json"