CVE-2026-39118 is a macOS privilege escalation vulnerability that allows a standard local user — without administrator rights — to disable Kandji MDM and CrowdStrike Falcon EDR agents. Organizations relying on these tools as their primary macOS endpoint detection and compliance enforcement layer are exposed to silent defense evasion by any local user. Patch availability must be confirmed against Apple’s security advisory; EPSS score is low but local access is a realistic threat model for insider risk and post-initial-access scenarios.