Origin Validation Flaw in Apex One and SEP Agent by Trend Micro
CVE-2026-34928

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trendai Apex One; Trendai Apex One As A Service
Vendor: CVE Published:; 21 May 2026

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2026-34928?

An origin validation vulnerability exists in the Apex One and SEP Agent, which could allow a local attacker to escalate privileges on impacted installations. An attacker needs to first execute low-privileged code on the target system to exploit this weakness. This vulnerability is analogous to other issues in similar named pipe communication mechanisms, highlighting the critical importance of robust access controls and thorough security practices.

Affected Version(s)

TrendAI Apex One 2019 (14.0) < 14.0.0.17079

TrendAI Apex One as a Service SaaS < 14.0.20731

References

https://success.trendmicro.com/en-US/solution/KA-0023430

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34928 Data

JSON