Directory Traversal Flaw in Apex One by Trend Micro
CVE-2026-34926

6.7 MEDIUM

Key Information:

Vendor
CVE Published: 21 May 2026

Badges

📈 Score: 199 | 👾 Exploit Exists | 🟡 Public PoC | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2026-34926?

CVE-2026-34926 is a directory traversal vulnerability found in the on-premise version of Trend Micro's Apex One, a security management solution designed to provide endpoint protection. This vulnerability allows an authenticated local attacker who has gained administrative access to the Apex One server to manipulate a key table. By exploiting this flaw, the attacker can inject malicious code that may be deployed to agents connected to the affected installations. The potential for code injection poses a serious risk as it could lead to unauthorized control and modification of security settings, ultimately compromising the integrity of the security system.

Potential Impact of CVE-2026-34926

  1. Unauthorized Code Execution: The ability for an attacker to inject malicious code can lead to execution of arbitrary commands on the Apex One servers, allowing them to manipulate the server's functionality and potentially deploy malware across connected endpoints.

  2. Compromise of Endpoint Security: Since Apex One is responsible for managing endpoint security, a successful exploitation could enable an attacker to bypass existing security protocols, thereby compromising the effectiveness of the security infrastructure within an organization.

  3. Data Breaches: Exploiting this vulnerability could lead to unauthorized access to sensitive data stored or managed by the Apex One solution, heightening the risk of data breaches and the potential for data theft or unauthorized disclosure.

CISA has reported CVE-2026-34926

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-34926 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

TrendAI Apex One 2019 (14.0) < 14.0.0.17079

TrendAI Apex One as a Service SaaS < 14.0.20731

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI

2 weeks ago

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) - IT Security News

A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro noted, and…

2 weeks ago

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) - Help Net Security

A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro's Apex One platform has been exploited in zero-day attacks.

2 weeks ago

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 📰 First article discovered by The Hacker News

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
