CVE-2026-39118 allows a standard non-privileged macOS user to abuse trust cache mechanisms to silently disable endpoint security agents including Kandji MDM and CrowdStrike Falcon EDR without administrator credentials. No Apple patch or NVD record has been confirmed at time of publication; all technical details are based on security researcher and vendor reporting and should be treated as medium confidence pending Apple Security Advisory confirmation. EPSS is 0.00116 (1.87th percentile), indicating low current exploitation probability, but the vulnerability class — defense evasion via security agent disabling — warrants monitoring given its potential to blind endpoint detection for all subsequent attacks.