CVE-2026-39118
Received - Intake
Privilege Escalation in Kandji Agent

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product        Version / Range
iru_inc   kandji_agent   up to 4.7.5 (exclusive)
iru_inc   kandji_agent   4.7.5
CWE ID: CWE-UNKNOWN
Detection Guidance

This vulnerability affects the Kandji Agent for macOS in versions before 4.7.5 (5374). Detection consists of determining whether a vulnerable version of the Kandji Agent is installed on your system.

You can check the installed version of the Kandji Agent by running the following command in the terminal on macOS:

  • kandji-agent --version

If the version reported is earlier than 4.7.5 (5374), the system is vulnerable.
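
Comparing the reported version as plain text misorders releases such as 4.10.0 and ignores the build number, so the check above is best done numerically. The shell functions below are an added example, not code from the vendor or from this page; they assume a version string of the form "X.Y.Z (BUILD)" as written in this advisory, and the names compare_dotted and classify_agent_version are hypothetical.

```shell
#!/bin/sh
# Added example. Threshold taken from the advisory: fixed in 4.7.5 (5374).
FIXED_VERSION="4.7.5"
FIXED_BUILD="5374"

# Print -1, 0 or 1 as dotted version $1 is lower than, equal to or higher than $2.
# Components are compared numerically, so 4.10.0 sorts above 4.7.5.
compare_dotted() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return; fi
    done
    echo 0
}

# Classify a version string of the assumed form "X.Y.Z (BUILD)".
# Prints "vulnerable", "patched" or "unknown" (unparseable, or 4.7.5 with no build).
classify_agent_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p' | head -n 1)
    build=$(printf '%s\n' "$1" | sed -n 's/^.*(\([0-9][0-9]*\)).*$/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return; }
    case "$(compare_dotted "$ver" "$FIXED_VERSION")" in
        -1) echo vulnerable ;;
        1)  echo patched ;;
        *)  # Same release number as the fix: the build number decides.
            if [ -z "$build" ]; then echo unknown
            elif [ "$build" -lt "$FIXED_BUILD" ]; then echo vulnerable
            else echo patched; fi ;;
    esac
}

# Constructed sample strings, not captured agent output.
for sample in "4.7.4 (5300)" "4.7.5 (5373)" "4.7.5 (5374)" "4.10.0 (6000)" "4.7.5"; do
    printf '%-14s -> %s\n' "$sample" "$(classify_agent_version "$sample")"
done

# On a managed Mac, feed it the command given above (output format is an assumption).
if command -v kandji-agent >/dev/null 2>&1; then
    classify_agent_version "$(kandji-agent --version 2>/dev/null)"
fi
```

A result of "unknown" means the string could not be parsed or carried no build number for 4.7.5, and the host should be checked by hand.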

Impact Analysis

This vulnerability can impact you by allowing a local attacker with limited privileges to gain access to restricted functions within the Kandji Agent. This escalation of privileges could lead to unauthorized actions being performed on your system, potentially compromising system integrity and availability.

Executive Summary

CVE-2026-39118 is an access control vulnerability in the Kandji Agent for macOS developed by Iru, Inc. It affects versions before 4.7.5 (5374). The vulnerability allows a local attacker with standard user privileges to escalate their privileges by exploiting a client validation gap. This gap enables the attacker to invoke restricted agent functionality that should normally be inaccessible.

Mitigation Strategies

The primary mitigation step is to update the Kandji Agent to version 4.7.5 (5374) or later, as this release addresses the vulnerability.

Ensure that all macOS systems running the Kandji Agent are upgraded promptly to prevent local attackers from exploiting the privilege escalation vulnerability.
