CVE-2026-39118
Description
A local attacker can escalate privileges by exploiting a client validation gap in the Kandji Agent before 4.7.5 to invoke restricted agent functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Kandji Agent (macOS) before version 4.7.5 (5374) contains an access control issue where the client does not properly validate whether a local user is authorized to invoke certain restricted agent functionality. A local attacker with standard user privileges can exploit this validation gap to trigger operations intended only for privileged users. [1]
Exploitation
An attacker must have a standard user account on the target macOS system. No additional network access or user interaction is required beyond local login. By sending crafted requests to the agent process, the attacker can bypass the intended privilege checks and invoke restricted functionality that the agent normally limits to higher-privileged contexts. [1]
Impact
Successful exploitation allows the attacker to escalate privileges to a higher level, potentially gaining the ability to perform agent actions that affect system security or integrity. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) indicates high availability impact, low integrity impact, and no confidentiality impact, meaning the attacker could disrupt or manipulate agent operations but not read protected data. [1]
Mitigation
The issue is fixed in Kandji Agent 4.7.5 (5374), released on March 25, 2026. All installations of the macOS agent before this version should be updated to the latest release via the Kandji management console. No workaround is described; updating the agent is the only remediation. The vulnerability is not listed on the CISA KEV as of the publication date. [1]
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 4.7.5 (5374)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.