CVE-2026-34218

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-34218

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34218.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-34218

Aliases

GHSA-fpmv-5wgw-qhhr

Published

2026-03-31T15:13:03.641Z

Modified

2026-04-02T13:41:36.833914Z

Severity

6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVSS Calculator

Summary

ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification

Details

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34218.json"
}

References

Affected packages

Git / github.com/craigjbass/clearancekit

Affected ranges

Type

GIT

Repo

https://github.com/craigjbass/clearancekit

Events

Introduced

Fixed

56d617b778c571e3c29b803636d9807940992daa

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.14"
        }
    ]
}

Affected versions

v3.*

v3.1-1480877

v3.1-1c065f7

v3.1-2bc8773

v3.1-34107d6

v3.1-56cf8aa

v3.1-781fe68

v3.1-9444cb6

v3.1-962116d

v3.1-9ae9a1e

v3.1-a563b4b

v3.1-b616763

v3.1-bab7abf

v3.1-def8687

v3.1-f48c585

v3.1-f9c7713

v3.2-9bb23fd

v3.3-9bb62a6

v4.*

v4.0-19126ba

v4.0-2ccd30f

v4.0-3f01958

v4.0-5a0de89

v4.0-8fc8884

v4.0-b574aa3

v4.0-c828d5e

v4.0-db67c62

v4.0-e2705e0

v4.0-eca88d7

v4.0-f8c9232

v4.1-16a3e37

v4.1-3594f78

v4.1-6bcaabe

v4.1-8386ae0

v4.1-981728f

v4.1-df4a170

v4.1-dfed70f

v4.1-fd5fab3

v4.2-10c19ed

v4.2-3379a1c

v4.2-64f154d

v4.2-9997343

v4.2-a6926d4

v4.2-da58a49

v4.2-f5f9534

v4.2.1-7b10538

v4.2.1-beta-0943b9a

v4.2.1-beta-1446c6b

v4.2.10-beta-1bd9a4b

v4.2.10-beta-d078fba

v4.2.10-d078fba

v4.2.11-97eb073

v4.2.11-beta-caef71c

v4.2.11-beta-f1afa86

v4.2.12-beta-25c25f0

v4.2.12-beta-2bd354b

v4.2.12-beta-3ce0726

v4.2.12-beta-4e235b6

v4.2.12-beta-6eadd6a

v4.2.12-beta-70dd223

v4.2.12-beta-8a28803

v4.2.12-beta-97eb073

v4.2.12-beta-9cfec23

v4.2.12-beta-9dd7fc2

v4.2.12-beta-c380cfb

v4.2.12-beta-ddfdacb

v4.2.12-beta-e9b99e2

v4.2.13-ddfdacb

v4.2.2-d44ae9d

v4.2.3-d488a1e

v4.2.4-6181c4a

v4.2.5-0ab246c

v4.2.6-beta-0ba8b30

v4.2.6-beta-4a29601

v4.2.6-beta-505afd6

v4.2.6-beta-521fc32

v4.2.6-beta-5554edf

v4.2.6-beta-688192a

v4.2.6-beta-77386f2

v4.2.6-beta-9cab2ff

v4.2.6-beta-a77902b

v4.2.6-beta-e3bced6

v4.2.6-beta-e3e33ea

v4.2.6-beta-e3fec11

v4.2.6-beta-e92e21e

v4.2.6-beta-e9d43ea

v4.2.6-beta-ec8db39

v4.2.6-e3bced6

v4.2.7-1c782a1

v4.2.7-beta-1c782a1

v4.2.7-beta-1cc0a77

v4.2.7-beta-268aa55

v4.2.7-beta-65c19c6

v4.2.7-beta-7ad2f7d

v4.2.7-beta-88b2b3a

v4.2.7-beta-b39d99a

v4.2.7-beta-e0e2967

v4.2.8-beta-046a61a

v4.2.8-beta-11ee34c

v4.2.8-beta-14393bb

v4.2.8-beta-1c17230

v4.2.8-beta-23e30c5

v4.2.8-beta-2f491e6

v4.2.8-beta-34142ac

v4.2.8-beta-3440884

v4.2.8-beta-723e90c

v4.2.8-beta-844141b

v4.2.8-beta-8df99b8

v4.2.8-beta-941ba0d

v4.2.8-beta-954bb2a

v4.2.8-beta-96049f8

v4.2.8-beta-9ab4936

v4.2.8-beta-9f81d2d

v4.2.8-beta-aa06e60

v4.2.8-beta-e9ab07b

v4.2.8-beta-f1a2de7

v4.2.8-beta-f51fc8e

v4.2.8-beta-f55f283

v4.2.8-beta-f606b7a

v4.2.8-beta-f84e3d4

v4.2.8-beta-fcbe4ec

v4.2.8-e9ab07b

v4.2.9-1bd9a4b

v4.2.9-beta-0a8cd29

v4.2.9-beta-0c7f3d1

v4.2.9-beta-17cd99f

v4.2.9-beta-217a1fb

v4.2.9-beta-25e1230

v4.2.9-beta-2924fec

v4.2.9-beta-2c78ce1

v4.2.9-beta-3a9e8c7

v4.2.9-beta-43f52c8

v4.2.9-beta-48d9e4b

v4.2.9-beta-52d3a07

v4.2.9-beta-58ad180

v4.2.9-beta-5ffabaf

v4.2.9-beta-690e5fd

v4.2.9-beta-6f2122a

v4.2.9-beta-704d137

v4.2.9-beta-7768ef9

v4.2.9-beta-7d215cd

v4.2.9-beta-88a324e

v4.2.9-beta-8b7f499

v4.2.9-beta-8fcabc9

v4.2.9-beta-ba38640

v4.2.9-beta-c21ad1e

v4.2.9-beta-c9f6efa

v4.2.9-beta-cd8eec6

v4.2.9-beta-db4dee9

v4.2.9-beta-e5bed60

v4.2.9-beta-eed8ad3

v4.2.9-beta-f5efabc

v4.2.9-beta-fe1590d

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34218.json"