CVE-2026-39118
Deferred Deferred - Pending Action

Privilege Escalation in Kandji Agent

Vulnerability report for CVE-2026-39118, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
iru_inc kandji_agent to 4.7.5 (exc)
iru_inc kandji_agent 4.7.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability affects the Kandji Agent for macOS versions before 4.7.5 (5374). Detection involves identifying if the vulnerable version of the Kandji Agent is installed on your system.

You can check the installed version of the Kandji Agent by running the following command in the terminal on macOS:

  • kandji-agent --version

If the version reported is earlier than 4.7.5 (5374), the system is vulnerable.

Impact Analysis

This vulnerability can impact you by allowing a local attacker with limited privileges to gain access to restricted functions within the Kandji Agent. This escalation of privileges could lead to unauthorized actions being performed on your system, potentially compromising system integrity and availability.

Executive Summary

CVE-2026-39118 is an access control vulnerability in the Kandji Agent for macOS developed by Iru, Inc. It affects versions before 4.7.5 (5374). The vulnerability allows a local attacker with standard user privileges to escalate their privileges by exploiting a client validation gap. This gap enables the attacker to invoke restricted agent functionality that should normally be inaccessible.

Mitigation Strategies

The primary mitigation step is to update the Kandji Agent to version 4.7.5 (5374) or later, as this release addresses the vulnerability.

Ensure that all macOS systems running the Kandji Agent are upgraded promptly to prevent local attackers from exploiting the privilege escalation vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39118. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart