Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

Privilege Escalation in Kandji Agent via XPC Client Validation Gap

IdentifiersCVE-2026-39118CWE-306

CVE-2026-39118 is a local privilege-escalation issue in Iru, Inc. Kandji Agent before version 4.7.5(5374). According to the provided content, the flaw is a client validation gap that allows a local attacker to invoke restricted agent functionality. The issue is associated with weak validation of privileged XPC client requests in the Kandji Agent on macOS, enabling an unprivileged local user to impersonate or otherwise satisfy insufficient trust checks and access privileged agent operations that should be restricted. XM Cyber reported demonstrating this in a broader macOS attack chain involving trusted-component impersonation and privileged XPC method invocation, resulting in permanent deactivation of Kandji MDM by clearing EDR guards and terminating the Endpoint Security Framework extension.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a local unprivileged attacker to escalate privileges within the context of Kandji Agent’s restricted functionality and disable or permanently deactivate Kandji’s security/management capabilities on the affected macOS host. The reported effects include clearing EDR guards and terminating the Endpoint Security Framework extension, which can neutralize endpoint management and security enforcement, reduce visibility, and facilitate defense evasion and follow-on compromise.

Mitigation

If you can’t patch tonight, do this now.

Apply the vendor patch by updating Kandji Agent to 4.7.5(5374) or later. Until patching is complete, reduce local attacker opportunities by limiting untrusted local code execution, restricting standard-user access on managed macOS endpoints, monitoring for unexpected termination of Kandji components or Endpoint Security Framework extensions, and using available detections for suspicious abuse of privileged XPC interactions and security-agent deactivation behavior. The provided content also indicates developers should strengthen XPC validation logic to prevent exploitation of this class of issue.

Remediation

Patch, then assume compromise.

Upgrade Kandji Agent to version 4.7.5(5374) or later. The vendor has released an updated Kandji Agent version that protects macOS systems against this exploit. Where possible, review and harden privileged XPC client validation logic so that restricted agent functionality is only accessible to properly authenticated and authorized clients.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
IruKandji Agentapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app
scworldNews
Jun 24, 2026
macOS attack technique bypasses endpoint security tools | brief | SC Media

A vulnerability assigned by Kandji related to a macOS attack chain that abuses weakly-validated XPC connections, malicious Interface Builder payload injection, and trust cache persistence to disable security tooling and deactivate Kandji MDM from a standard user account.

Read more
security weekNews
Jun 24, 2026
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents - SecurityWeek

A Kandji MDM-related flaw in a macOS attack chain that allowed a standard non-admin user to permanently deactivate the agent by abusing legitimate macOS behavior and privileged XPC interactions.

Read more
dark readingNews
Jun 24, 2026
Apple's MacOS Gap Lets Users Disable Security Tools

A macOS privilege-escalation vulnerability involving CDHash trust caching and NIB injection that allows a standard user to impersonate trusted application components and invoke privileged XPC services, enabling disabling of security tools without administrator privileges.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-39118
NVD
nvd.nist.gov/vuln/detail/CVE-2026-39118
MITRE CWE · CWE-306
cwe.mitre.org
iru.com
iru.com/updates/2026/03/agent-4-7-5-5374