CVE-2026-39118
Deferred
Deferred - Pending Action
Privilege Escalation in Kandji Agent
Vulnerability report for CVE-2026-39118, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-15
Last updated on: 2026-06-16
Assigner: MITRE
Description
Description
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iru_inc | kandji_agent | to 4.7.5 (exc) |
| iru_inc | kandji_agent | 4.7.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |