CVE-2026-39118 allows a standard, non-administrative macOS user to disable or permanently deactivate endpoint security agents including Kandji MDM and CrowdStrike Falcon EDR without elevated credentials. The vulnerability is researcher-disclosed, not yet in CISA KEV, and carries a low EPSS score (0.00116), but its defense-evasion potential is high: successful exploitation removes primary visibility and device management controls on macOS endpoints before or during an attack.