CVE-2026-39118: An issue in Iru, Inc Kandji Agent before v
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
Metrics
- CVSS v3.1: 8.4
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A privilege escalation vulnerability affects the Kandji Agent (versions before 4.7.5 build 5374), a macOS device management agent. The flaw is reachable locally, without any credentials, and requires no user interaction, meaning any process or unprivileged shell on the host can trigger it. Successful exploitation gives an attacker full control over confidentiality, integrity, and availability of the affected system by invoking restricted agent functionality that is normally off-limits to non-privileged callers. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix version is published.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the Kandji Agent. Any image found to ship an affected version of the agent is flagged immediately.
Status: Available
HarborGuard scores this finding at CVSS 8.4 (HIGH) and weights it further against each environment's compliance policy, surfacing it to the appropriate team inbox inside the customer org so the right engineers see it without manual triage overhead.
Status: Available
Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the vendor ships a corrected release. In the meantime, customers can apply compensating controls through HarborGuard policy rules to flag or block deployment of images containing the vulnerable agent version.
Status: Pending upstream
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network access is required to reach the vulnerable component.
- Authentication: Not required
  No credentials or account privileges are needed; any local process can attempt to invoke the restricted agent functionality.
- Victim interaction: Not required
  Exploitation is fully attacker-driven and requires no action from any user on the system.
- Attack complexity: Detail
  The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or special environmental factors are required.
Blast Radius
- A successful attacker reads any file or credential accessible to the agent process, including device management secrets and stored configuration.
- The attacker writes to or modifies system state managed by the Kandji Agent, including policy enforcement records and managed preferences.
- The attacker can crash or disable the agent entirely, removing device management oversight from the host.
- Because the agent typically runs with elevated system privileges, full local privilege escalation to root or equivalent is achievable.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against all images in connected registries and CI pipelines within minutes of publication, covering both vendor-supplied and internally built images that bundle the Kandji Agent. Because no upstream fix has been published, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment Iru, Inc releases a corrected version. While waiting for an upstream fix, customers can use HarborGuard policy controls to flag images shipping the vulnerable agent version, restrict their promotion to production registries, and enforce network-isolation rules that limit what the agent process can reach, reducing the blast radius of any local exploit.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H