CVE-2026-34926

Summary

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.TrendAI Apex One2019 (14.0) < 14.0.0.17079affected
Trend Micro, Inc.TrendAI Apex One as a ServiceSaaS < 14.0.20731affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References