CVE-2026-34926

MEDIUM 6.7

CVSS Score

6.7

EPSS Score

0.0%

EPSS Percentile

0th

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Vendor	trend micro, inc.
Product	trendai apex one
Published	May 21, 2026

Stay Ahead of the Next One

Get instant alerts for trend micro, inc. trendai apex one

Be the first to know when new medium vulnerabilities affecting trend micro, inc. trendai apex one are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Trend Micro, Inc. / TrendAI Apex One

2019 (14.0) < 14.0.0.17079

Trend Micro, Inc. / TrendAI Apex One as a Service

SaaS < 14.0.20731

References

NVD ↗ CVE.org ↗ EPSS Data ↗

success.trendmicro.com: https://success.trendmicro.com/en-US/solution/KA-0023430 success.trendmicro.com: https://success.trendmicro.com/ja-JP/solution/KA-0022974 jvn.jp: https://jvn.jp/en/vu/JVNVU90583059/ jpcert.or.jp: https://www.jpcert.or.jp/english/at/2026/at260014.html