CVE-2026-39118 allows standard macOS users without administrative privileges to disable endpoint security agents including Kandji MDM and CrowdStrike Falcon EDR, effectively silencing endpoint detection and MDM policy enforcement without elevated rights. The vulnerability has not been observed in active exploitation (EPSS 2nd percentile) and is not KEV-listed, but the business risk is significant for macOS-heavy enterprise environments where insider threat or compromised user account scenarios are credible. Patch details require verification against the Apple Security Advisory; the source data notes authoritative patch version was not confirmed at analysis time.