๐Ÿ” CVE Alert

CVE-2026-34926

MEDIUM 6.7 โš ๏ธ CISA KEV
CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
0th

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Vendor trend micro, inc.
Product trendai apex one
Published May 21, 2026
Last Updated May 22, 2026
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for trend micro, inc. trendai apex one

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-34926.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Trend Micro, Inc. / TrendAI Apex One
2019 (14.0) < 14.0.0.17079
Trend Micro, Inc. / TrendAI Apex One as a Service
SaaS < 14.0.20731

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
success.trendmicro.com: https://success.trendmicro.com/en-US/solution/KA-0023430 success.trendmicro.com: https://success.trendmicro.com/ja-JP/solution/KA-0022974 jvn.jp: https://jvn.jp/en/vu/JVNVU90583059/ jpcert.or.jp: https://www.jpcert.or.jp/english/at/2026/at260014.html cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926