CVE-2026-34926
CVSS Score
6.7
EPSS Score
0.0%
EPSS Percentile
0th
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
| Vendor | trend micro, inc. |
| Product | trendai apex one |
| Published | May 21, 2026 |
| Last Updated | May 22, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for trend micro, inc. trendai apex one
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-34926.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Trend Micro, Inc. / TrendAI Apex One
2019 (14.0) < 14.0.0.17079
Trend Micro, Inc. / TrendAI Apex One as a Service
SaaS < 14.0.20731
References
success.trendmicro.com: https://success.trendmicro.com/en-US/solution/KA-0023430 success.trendmicro.com: https://success.trendmicro.com/ja-JP/solution/KA-0022974 jvn.jp: https://jvn.jp/en/vu/JVNVU90583059/ jpcert.or.jp: https://www.jpcert.or.jp/english/at/2026/at260014.html cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926