CVE-2026-34926

Published May 21, 2026

Last updated 23 days ago

Exploit knownCVSS medium 6.7
Zero-day
Apex One (on-premise)
Apex One

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-34926 is a directory traversal vulnerability found in the on-premise version of Trend Micro Apex One. This flaw enables a pre-authenticated local attacker to alter a key table on the server. By modifying this table, an attacker can inject malicious code, which is subsequently deployed to agents on affected installations. Exploitation of this vulnerability requires the attacker to have local access to the Apex One Server and already possess administrative credentials for that server. Trend Micro has noted instances of attempted exploitation of this vulnerability in real-world scenarios, leading to its inclusion in CISA's Known Exploited Vulnerabilities catalog.

Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Source
security@trendmicro.com
NVD status
Analyzed
Products
apex_one

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.7
Impact score
5.3
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Exploit added on
May 21, 2026
Exploit action due
Jun 4, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@trendmicro.com
CWE-23

Social media

Hype score
Not currently trending

  1. CISA KEV 警告 26/05/21:Trend Micro Apex One の脆弱性 CVE-2026-34926 を KEV に登録 https://t.co/LD4fTscEQx Trend Micro Apex One の脆弱性 CVE-2026-34926

    @iototsecnews

    28 May 2026

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. U.S. CISA adds Trend Micro Apex One (CVE-2026-34926) and Langflow (CVE-2025-34291) to Known Exploited Vulnerabilities catalog via @SecurityAffairs #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/XMknEc88Ko

    @proficioinc

    27 May 2026

    126 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Trend Micro Apex Oneの脆弱性が悪用され、CISAから警告が発令されました(CVE-2026-34926) Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) #HelpNetSecurity (May 26) https://t.co/36NdyLSnJQ

    @foxbook

    27 May 2026

    216 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926): A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI… https://t.co/gDwc6

    @shah_sheikh

    26 May 2026

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 【Apex OneのCVE-2026-34926が実悪用、オンプレ版は優先確認を】 TrendAI Apex OneのCVE-2026-34926について、実際の攻撃での利用が確認されています。 この脆弱性はApex

    @01ra66it

    26 May 2026

    225 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 【Trend Micro Apex OneのCVE-2026-34926、実悪用を確認】 Trend Micro Apex Oneオンプレミス版で、CVE-2026-34926の悪用試行が確認されています。 この脆弱性はApex One

    @01ra66it

    25 May 2026

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 【Apex One複数脆弱性、CVE-2026-34926は悪用確認あり】 JVNは、Trend Micro Apex Oneなどにおける複数の脆弱性を緊急情報として公表しました。 特にCVE-2026-34926はオンプレミス版に影響する相対パストラバーサル脆弱性

    @01ra66it

    25 May 2026

    207 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️⚔️ VULNCHEFAI Morning Threat Intel 3 active CISA KEVs confirmed in the wild: • CVE-2026-9082 — Drupal Core (patch by May 27) • CVE-2025-34291 — Langflow • CVE-2026-34926 — Trend Micro Apex One Real-world exposures already showing on Shodan. Patch th

    @CyberchefG

    24 May 2026

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Trend Micro Apex OneのCVE-2026-34926は、ディレクトリトラバーサル。放置するとサーバが悪用され、エージェントへ配布される恐れ。修正適用とバージョン確認を今すぐ。 #CVE #セキュリティ https://t.co/g1KPFNfNLP

    @AI_Crash_Watch

    24 May 2026

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🟠 Trend Micro Apex One, Directory Traversal, #CVE-2026-34926 (Medium) https://t.co/TVNek681QP

    @dailycve

    24 May 2026

    60 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 【LangflowとApex Oneの悪用脆弱性、CISA KEVに追加】 The Hacker Newsは、CISAがLangflowとTrend Micro Apex Oneの脆弱性をKEVカタログに追加したと報じました。LangflowのCVE-2025-34291、Apex One on-premiseのCVE-2026-34926はいずれも実悪用

    @01ra66it

    23 May 2026

    592 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. Trend Micro Apex One zero-day (CVE-2026-34926) A security product's own zero-day is being exploited in the wild. Trend Micro patched CVE-2026-34926, a directory traversal in Apex One on-prem that lets an attacker with admin credentials inject malicious code deployed to all

    @ElusivePrivacy

    23 May 2026

    112 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  13. 📢 CISA KEV UPDATE: Two new vulnerabilities affecting Langflow (CVE-2025-34291) & Trend Micro Apex One (CVE-2026-34926) are being actively exploited. Federal agencies mandated to patch. All orgs urged to patch NOW! #CyberSecurity #Vulnerability #Patc... 🌐 cyber[.]netsec

    @NetSecIO

    22 May 2026

    306 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CISA adds CVE-2025-34291 and CVE-2026-34926 to KEV after active exploitation. ✅ Patch immediately, restrict exposure, and review logs. https://t.co/mU4BY8f0aF #Langflow #TrendMicro #CISAKEV #CVE #CyberSecurity #Vulert

    @vulert_official

    22 May 2026

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-34291 & CVE-2026-34926 join CISA's KEV Catalog, spotlighting the reactive lag in vulnerability management. Clawolf AS-OS™'s Context-Aware Decision Fabric and sub-30s containment neutralize such threats autonomously, bypassing human… #CyberSecurity #ThreatIntellig

    @Clawolf_ASOS

    22 May 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CISA KEV: Dos vulnerabilidades activamente explotadas 🔴 CVE-2025-34291 (Langflow, CVSS 9.4) → ejecución remota de código. Usada por MuddyWater (Irán) 🔴 CVE-2026-34926 (Trend Micro Apex One) → directory traversal ✅ Parche antes del 4 de junio #CISA #KEV #La

    @esecintelcl

    22 May 2026

    277 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、LangflowのCVE-2025-34291とTrend Micro Apex One(オンプレミス版)のCVE-2026-34926を追加。退所期限は通常の6/4。ランサムウェ

    @__kokumoto

    21 May 2026

    1046 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (May 21) CVE-2025-34291 Langflow Origin検証エラーの脆弱性 CVE-2026-34926 Trend Micro Apex One (オンプレミス) ディレクトリ

    @foxbook

    21 May 2026

    502 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. NEW THREAT INTEL: CISA KEV adds Langflow CORS RCE (CVE-2025-34291) & Trend Micro Apex One traversal (CVE-2026-34926). 9 rules, 23 IOCs. https://t.co/7gAFSNuG1e #ThreatIntel #KEV https://t.co/YFZ0letYOx

    @threadlinqs

    21 May 2026

    292 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🛡️ We added Langflow origin validation error vulnerability CVE-2025-34291 and Trend Micro Apex One (on-premise) server directory traversal vulnerability CVE-2026-34926 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.c

    @CISACyber

    21 May 2026

    7081 Impressions

    11 Retweets

    30 Likes

    4 Bookmarks

    7 Replies

    2 Quotes

  21. 🚨 New CISA KEV: CVE-2026-34926 Trend Micro Apex One https://t.co/ubRyGMiud3 #boarnet #cybersecurity #cisakev #cve #threatintelligence #malware https://t.co/5N5B2VClu1

    @boarnetio

    21 May 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2026-45207
  2. A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2026-45208
  3. An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2026-45206
  4. An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2026-34927
  5. An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.CVE-2026-34930

References

Sources include official advisories and independent security research.