CVE-2026-33632

{"id": "CVE-2026-33632", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-26T20:16:16.277", "references": [{"url": "https://github.com/craigjbass/clearancekit/commit/6181c4a22eccbeca973c77f4bd023eb795c13786", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/craigjbass/clearancekit/security/advisories/GHSA-wpxj-vhfp-hhvm", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event types \u2014 ES_EVENT_TYPE_AUTH_EXCHANGEDATA and ES_EVENT_TYPE_AUTH_CLONE \u2014 were not intercepted by ClearanceKit's opfilter system extension, allowing local processes to bypass file access policies. Commit 6181c4a patches the vulnerability by subscribing to both event types and routing them through the existing policy evaluator. Users must upgrade to v4.2.4 or later and reactivate the system extension."}, {"lang": "es", "value": "ClearanceKit intercepta eventos de acceso al sistema de archivos en macOS y aplica pol\u00edticas de acceso por proceso. Antes de la versi\u00f3n 4.2.4, dos tipos de eventos de operaci\u00f3n de archivo \u2014 ES_EVENT_TYPE_AUTH_EXCHANGEDATA y ES_EVENT_TYPE_AUTH_CLONE \u2014 no eran interceptados por la extensi\u00f3n de sistema opfilter de ClearanceKit, permitiendo que los procesos locales eludieran las pol\u00edticas de acceso a archivos. El commit 6181c4a corrige la vulnerabilidad al suscribirse a ambos tipos de eventos y enrut\u00e1ndolos a trav\u00e9s del evaluador de pol\u00edticas existente. Los usuarios deben actualizar a la v4.2.4 o posterior y reactivar la extensi\u00f3n de sistema."}], "lastModified": "2026-04-21T15:02:26.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:craigjbass:clearancekit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA57E26-5E50-41D8-BBFD-D301436C00F2", "versionEndExcluding": "4.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}