CVE-2026-39118 Overview
CVE-2026-39118 is a privilege escalation vulnerability in the Iru, Inc Kandji Agent prior to version 4.7.5(5374). The flaw stems from a client-side validation gap that allows a local attacker to invoke restricted agent functionality reserved for privileged operations. Kandji Agent runs on managed macOS endpoints with elevated permissions, making any local bypass a direct path to higher privileges. The issue is categorized under CWE-269: Improper Privilege Management.
Critical Impact
A local, unauthenticated attacker can escalate privileges on affected endpoints and execute restricted agent operations, leading to full compromise of confidentiality, integrity, and availability.
Affected Products
- Iru, Inc Kandji Agent versions prior to 4.7.5(5374)
- macOS endpoints managed by vulnerable Kandji Agent builds
- Fleets relying on the agent for device management and policy enforcement
Discovery Timeline
- 2026-06-15 - CVE-2026-39118 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2026-39118
Vulnerability Analysis
The Kandji Agent exposes privileged functionality intended to be invoked only by trusted, authenticated components. Versions prior to 4.7.5(5374) enforce these restrictions on the client side rather than within the privileged service boundary. A local attacker who can communicate with the agent can bypass these checks and trigger restricted operations directly.
Because the agent operates with elevated privileges on macOS hosts, abuse of these interfaces translates into immediate privilege escalation. The advisory does not disclose proof-of-concept code or specific interface names, but the attack requires only local access with no prior authentication and no user interaction.
Root Cause
The root cause is improper privilege management (CWE-269). Authorization decisions are made by the calling client rather than enforced by the agent's privileged service. Any local process able to construct valid-looking requests to the agent can therefore invoke functionality that should require elevated authorization.
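The trust-boundary mistake described above can be modeled in a few lines. This is an added illustration, not Kandji code and not taken from the advisory: the operation names, the `caller_is_authorized` field and the `Peer` fields are all hypothetical, and `Peer` stands for whatever caller identity the privileged service derives from the operating system for the connection.

```python
from dataclasses import dataclass

# Hypothetical operation names; the advisory does not name the agent's interfaces.
RESTRICTED_OPS = {"apply_policy", "install_package"}
OPEN_OPS = {"get_status"}


@dataclass(frozen=True)
class Peer:
    """Caller identity the service derives itself for this connection
    (assumed fields), never read from the request body."""
    euid: int
    is_trusted_component: bool  # outcome of the service's own caller verification


def dispatch_client_trusting(request: dict, peer: Peer) -> str:
    """Flawed pattern: the caller asserts its own authorization in the request."""
    op = request.get("op")
    if op in RESTRICTED_OPS and not request.get("caller_is_authorized"):
        return "denied"
    if op in RESTRICTED_OPS or op in OPEN_OPS:
        return f"executed:{op}"
    return "denied"


def dispatch_service_enforced(request: dict, peer: Peer) -> str:
    """Corrected pattern: the decision uses only facts the service verified."""
    op = request.get("op")
    if op in OPEN_OPS:
        return f"executed:{op}"
    if op in RESTRICTED_OPS and (peer.euid == 0 or peer.is_trusted_component):
        return f"executed:{op}"
    return "denied"  # unknown operations and unverified callers fail closed


# Constructed request from an ordinary local process (uid 501, not a trusted component).
STANDARD_USER = Peer(euid=501, is_trusted_component=False)
SELF_AUTHORIZED = {"op": "install_package", "caller_is_authorized": True}

if __name__ == "__main__":
    print("client-trusting :", dispatch_client_trusting(SELF_AUTHORIZED, STANDARD_USER))
    print("service-enforced:", dispatch_service_enforced(SELF_AUTHORIZED, STANDARD_USER))
```

The enforced dispatcher never reads the caller-supplied field, so the request body cannot change the authorization outcome.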
Attack Vector
Exploitation requires local access to a host running a vulnerable Kandji Agent. An attacker with standard user privileges interacts with the agent's local interface and issues requests for restricted operations. Because the agent's privileged service does not validate these requests itself, it executes the operation in its privileged context, granting the attacker the agent's effective permissions.
The vulnerability mechanism is described in prose only; no verified public exploit code is available. Refer to the IRU Update on Agent 4.7.5 for vendor-supplied technical context.
Detection Methods for CVE-2026-39118
Indicators of Compromise
- Unexpected invocations of privileged Kandji Agent operations originating from non-administrative user sessions
- Unsigned or unauthorized local processes communicating with the Kandji Agent IPC interface
- Agent-initiated changes to system configuration, policies, or installed software not tied to a Kandji MDM job
Detection Strategies
- Inventory Kandji Agent versions across the fleet and flag any host running a build older than 4.7.5(5374)
- Monitor process ancestry for child processes spawned by the Kandji Agent that are not associated with a known management workflow
- Correlate local user session activity with privileged agent actions to surface anomalous invocations
Monitoring Recommendations
- Enable endpoint telemetry capturing process creation, IPC connections, and privileged API calls on macOS hosts
- Forward Kandji Agent logs to a centralized log platform and alert on restricted function invocations outside scheduled MDM tasks
- Track installed agent versions continuously to detect rollback or pinning to vulnerable builds
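The version inventory from Detection Strategies and the continuous version tracking recommended above both reduce to comparing each reported build against 4.7.5(5374). The following is an added example, not vendor tooling: it assumes version strings of the form `X.Y.Z (BUILD)` (as the advisory writes the fixed version), and the hostnames and every build number other than 5374 are constructed.

```python
import re

FIXED = (4, 7, 5, 5374)  # first fixed build per the advisory: 4.7.5(5374)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*\((\d+)\)\s*$")


def parse_agent_version(text):
    """Return (major, minor, patch, build), or None if the string does not parse."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Numeric tuple comparison; a plain string compare would rank 4.10.0 below 4.7.5."""
    version = parse_agent_version(version_text)
    if version is None:
        return "unknown"  # never assume an unreadable version is patched
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Return ({host: status}, sorted list of hosts that still need action)."""
    statuses = {host: classify(text) for host, text in inventory.items()}
    needs_action = sorted(h for h, s in statuses.items() if s != "patched")
    return statuses, needs_action


# Constructed inventory export: hostname -> reported agent version string.
SAMPLE_INVENTORY = {
    "mac-001": "4.7.5 (5374)",   # exactly the fixed build
    "mac-002": "4.7.4 (5301)",   # older release
    "mac-003": "4.10.0 (6012)",  # newer release that sorts lower as a string
    "mac-004": "4.7.5(5373)",    # same release number, earlier build
    "mac-005": "",               # agent did not report a version
}

if __name__ == "__main__":
    statuses, needs_action = triage(SAMPLE_INVENTORY)
    for host in sorted(statuses):
        print(f"{host}: {statuses[host]}")
    print("needs action:", ", ".join(needs_action))
```

Running the same triage on successive inventory snapshots surfaces a host that moves from `patched` back to `vulnerable`, which is the rollback case the monitoring list calls out.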
How to Mitigate CVE-2026-39118
Immediate Actions Required
- Upgrade the Kandji Agent to version 4.7.5(5374) or later on every managed endpoint
- Audit recent privileged agent activity for signs of abuse predating the upgrade
- Restrict local interactive access on managed macOS hosts to trusted administrators where feasible
Patch Information
Iru, Inc addressed the vulnerability in Kandji Agent 4.7.5(5374). Deployment details and release notes are available in the IRU Update on Agent 4.7.5. Administrators should validate that all managed endpoints report the patched build through the Kandji console.
Workarounds
- No vendor-supplied workaround replaces the patch; upgrading is the only complete remediation
- Limit standard user accounts on sensitive macOS endpoints to reduce the population of potential local attackers
- Apply application allowlisting to prevent execution of untrusted binaries that could interact with the agent
# Verify the installed Kandji Agent version on macOS
/usr/local/bin/kandji --version
# Confirm the build meets the fixed version 4.7.5(5374) or later
# If the reported version is lower, deploy the patched agent via Kandji MDM

