CVE-2026-34926
6.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Summary
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One | 2019 (14.0) < 14.0.0.17079 | affected |
| Trend Micro, Inc. | TrendAI Apex One as a Service | SaaS < 14.0.20731 | affected |
Weaknesses
- CWE-23: CWE-23: Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://success.trendmicro.com/en-US/solution/KA-0023430
- https://success.trendmicro.com/ja-JP/solution/KA-0022974
- https://jvn.jp/en/vu/JVNVU90583059/
- https://www.jpcert.or.jp/english/at/2026/at260014.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.