← back
CVE-2026-34926

CVE-2026-34926

CVSS 6.7 MEDIUMEPSS 12.7%● KEVCWE-23
In short

A flaw in Apex One on-premise server allows someone with admin access to manipulate files outside intended directories, potentially injecting malicious code that gets sent to connected agents.

Technical detail

Directory traversal vulnerability (CWE-23) in Apex One on-premise server permits pre-authenticated local attackers with administrative credentials to modify critical configuration tables, enabling injection of malicious payloads distributed to managed endpoints. Exploitation requires prior compromise of administrative credentials and local or authenticated network access to the server.

Summary generated and translated by AI from the official description.
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Affected products
Trend Micro, Inc. · TrendAI Apex OneTrend Micro, Inc. · TrendAI Apex One as a Service
public PoCs found1
githubgithub.com/HORKimhab/CVE-2026-349260
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/vu/JVNVU90583059/https://success.trendmicro.com/en-US/solution/KA-0023430https://success.trendmicro.com/ja-JP/solution/KA-0022974https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926https://www.jpcert.or.jp/english/at/2026/at260014.html