CVE-2026-34926

Published May 21, 2026

Last updated a day ago

Exploit known
CVSS medium 6.7
Apex One (on-premise)
Apex One

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-34926 is a directory traversal vulnerability found in the on-premise version of Trend Micro Apex One. This flaw enables a pre-authenticated local attacker to alter a key table on the server. By modifying this table, an attacker can inject malicious code, which is subsequently deployed to agents on affected installations. Exploitation of this vulnerability requires the attacker to have local access to the Apex One Server and already possess administrative credentials for that server. Trend Micro has noted instances of attempted exploitation of this vulnerability in real-world scenarios, leading to its inclusion in CISA's Known Exploited Vulnerabilities catalog.

Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One, and a potential attacker must have access to the Apex One Server and have already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Source: security@trendmicro.com
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.7
Impact score: 5.3
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Severity: MEDIUM

Known exploits

Data from CISA

Vulnerability name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Exploit added on: May 21, 2026
Exploit action due: Jun 4, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@trendmicro.com
CWE-23

Social media

Hype score: Not currently trending
  1. 📢 CISA KEV UPDATE: Two new vulnerabilities affecting Langflow (CVE-2025-34291) & Trend Micro Apex One (CVE-2026-34926) are being actively exploited. Federal agencies mandated to patch. All orgs urged to patch NOW! #CyberSecurity #Vulnerability #Patc... 🌐 cyber[.]netsec

    @NetSecIO

    22 May 2026

  2. 🚨 CISA adds CVE-2025-34291 and CVE-2026-34926 to KEV after active exploitation. ✅ Patch immediately, restrict exposure, and review logs. https://t.co/mU4BY8f0aF #Langflow #TrendMicro #CISAKEV #CVE #CyberSecurity #Vulert

    @vulert_official

    22 May 2026

  3. CVE-2025-34291 & CVE-2026-34926 join CISA's KEV Catalog, spotlighting the reactive lag in vulnerability management. Clawolf AS-OS™'s Context-Aware Decision Fabric and sub-30s containment neutralize such threats autonomously, bypassing human… #CyberSecurity #ThreatIntellig

    @Clawolf_ASOS

    22 May 2026

  4. 🚨 CISA KEV: Two actively exploited vulnerabilities 🔴 CVE-2025-34291 (Langflow, CVSS 9.4) → remote code execution. Used by MuddyWater (Iran) 🔴 CVE-2026-34926 (Trend Micro Apex One) → directory traversal ✅ Patch before June 4 #CISA #KEV #La

    @esecintelcl

    22 May 2026

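  5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Langflow's CVE-2025-34291 and Trend Micro Apex One (on-premise) CVE-2026-34926 to its Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 6/4. Ransomwa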

    @__kokumoto

    21 May 2026

  6. CISA adds two known exploited vulnerabilities to its catalog CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (May 21) CVE-2025-34291 Langflow origin validation error vulnerability CVE-2026-34926 Trend Micro Apex One (on-premise) directory

    @foxbook

    21 May 2026

  7. NEW THREAT INTEL: CISA KEV adds Langflow CORS RCE (CVE-2025-34291) & Trend Micro Apex One traversal (CVE-2026-34926). 9 rules, 23 IOCs. https://t.co/7gAFSNuG1e #ThreatIntel #KEV https://t.co/YFZ0letYOx

    @threadlinqs

    21 May 2026

  8. 🛡️ We added Langflow origin validation error vulnerability CVE-2025-34291 and Trend Micro Apex One (on-premise) server directory traversal vulnerability CVE-2026-34926 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.c

    @CISACyber

    21 May 2026

  9. 🚨 New CISA KEV: CVE-2026-34926 Trend Micro Apex One https://t.co/ubRyGMiud3 #boarnet #cybersecurity #cisakev #cve #threatintelligence #malware https://t.co/5N5B2VClu1

    @boarnetio

    21 May 2026
