CVE-2026-34926
CVE-2026-34926 is a medium-severity vulnerability in Trendmicro Apex One with a CVSS 3.x base score of 6.7. It is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming it has been exploited in the wild (added 2026-05-21). The underlying weakness is classified as CWE-23.
Key facts
- Severity: Medium (CVSS 3.x base score 6.7)
- EPSS exploit prediction: 13% (96th percentile)
- Actively exploited: Yes — listed in CISA KEV (added 2026-05-21)
- EU (EUVD) id: EUVD-2026-31284
- EU exploitation: Flagged exploited in the ENISA EU Vulnerability Database (since 2026-05-21)
- Weakness: CWE-23
- Affected product: Trendmicro Apex One
- Published:
- Last modified:
Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Frequently asked questions
- What is CVE-2026-34926?
- A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
- How severe is CVE-2026-34926?
- CVE-2026-34926 has a CVSS 3.x base score of 6.7, rated medium severity. It is exploitable over local access with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity low, and availability low.
- Is CVE-2026-34926 being actively exploited?
- Yes. CVE-2026-34926 is on CISA's Known Exploited Vulnerabilities (KEV) catalog, added on 2026-05-21, which means active exploitation has been confirmed. It should be prioritised for remediation.
- What products are affected by CVE-2026-34926?
- CVE-2026-34926 primarily affects Trendmicro Apex One. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2026-34926?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Because this CVE is known to be actively exploited, treat remediation as urgent — CISA KEV typically sets a short remediation deadline.
- Does CVE-2026-34926 have an EU (EUVD) identifier?
- Yes. CVE-2026-34926 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-31284. It is also flagged as exploited in the EUVD (since 2026-05-21).
- When was CVE-2026-34926 published?
- CVE-2026-34926 was published on 2026-05-21 and last updated on 2026-06-17.
References
- https://jvn.jp/en/vu/JVNVU90583059/
- https://success.trendmicro.com/en-US/solution/KA-0023430
- https://success.trendmicro.com/ja-JP/solution/KA-0022974
- https://www.jpcert.or.jp/english/at/2026/at260014.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926
Affected products (2)
- cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*
- cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*
More vulnerabilities in Trendmicro Apex One
- CVE-2025-71211 — Critical (CVSS 9.8): A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code…
- CVE-2025-71210 — Critical (CVSS 9.8): A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code…
- CVE-2023-32557 — Critical (CVSS 9.8): A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated…
- CVE-2023-25143 — Critical (CVSS 9.8): An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker…
- CVE-2022-40144 — Critical (CVSS 9.8): A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the…
- CVE-2022-26871 — Critical (CVSS 9.8): An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to…
All CVEs affecting Trendmicro Apex One →
Other CWE-23 vulnerabilities
- CVE-2026-52813 — Critical (CVSS 10.0): Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences…
- CVE-2026-8326 — Critical (CVSS 10.0): Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing…
- CVE-2026-33494 — Critical (CVSS 10.0): ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based…
- CVE-2023-3941 — Critical (CVSS 10.0): Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system…
- CVE-2024-24578 — Critical (CVSS 10.0): RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior…
- CVE-2012-6069 — Critical (CVSS 10.0): The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an…