SB2026052201 - Multiple vulnerabilities in Trend Micro Apex One

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026052201

SB2026052201 - Multiple vulnerabilities in Trend Micro Apex One

Published: May 22, 2026

Security Bulletin ID SB2026052201
CSH Severity
High
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

High 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 vulnerabilities.


1) Relative Path Traversal (CVE-ID: CVE-2026-34926)

CWE-ID: CWE-23 - Relative Path Traversal

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a local privileged user to inject malicious code for deployment to agents.

The vulnerability exists due to path traversal in the Apex One server when accessing server directories. A local privileged user can modify a key table on the server to inject malicious code for deployment to agents.

This issue is only exploitable on on-premise Apex One installations.

Note, the vulnerability is being actively exploited in the wild.


2) Origin validation error (CVE-ID: CVE-2026-45206)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling a process protection communication mechanism. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


3) Origin validation error (CVE-ID: CVE-2026-34927)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling inter-process communication. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


4) Origin validation error (CVE-ID: CVE-2026-34928)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling a named pipe communication mechanism. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


5) Origin validation error (CVE-ID: CVE-2026-34929)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling an inter-process communication mechanism. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


6) Origin validation error (CVE-ID: CVE-2026-34930)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling a process protection mechanism. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


7) Origin validation error (CVE-ID: CVE-2026-45207)

CWE-ID: CWE-346 - Origin Validation Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper origin validation in the Apex One/SEP agent when handling a process protection communication mechanism. A local user can exploit the origin validation flaw to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


8) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-45208)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to time-of-check time-of-use race condition in the Apex One/SEP agent when handling file or resource access. A local user can win the race condition to escalate privileges.

Exploitation requires the ability to execute low-privileged code on the target system.


Remediation

Install update from vendor's website.

References