Directory Traversal Flaw in Apex One by Trend Micro
CVE-2026-34926

6.7MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trendai Apex One; Trendai Apex One As A Service
Vendor: CVE Published:; 21 May 2026

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2026-34926?

Apex One, a security solution from Trend Micro, exhibits a directory traversal vulnerability that could potentially allow a pre-authenticated local attacker to manipulate a critical server-side database table. By leveraging access to the Apex One Server and possessing administrative credentials, an attacker may be able to inject malicious code that can compromise the integrity and functionality of the software. This flaw underscores the necessity for robust access control and continuous monitoring of server environments to mitigate risks associated with unauthorized access.

Affected Version(s)

TrendAI Apex One 2019 (14.0) < 14.0.0.17079

TrendAI Apex One as a Service SaaS < 14.0.20731

References

https://success.trendmicro.com/en-US/solution/KA-0023430

https://success.trendmicro.com/ja-JP/solution/KA-0022974

https://jvn.jp/en/vu/JVNVU90583059/

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34926 Data

JSON