HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Active Exploitation of Trend Micro Apex One Path Traversal (CVE‑2026‑34926) Threatens Endpoint Security

Trend Micro confirmed that CVE‑2026‑34926 – a relative directory path‑traversal bug in Apex One on‑prem servers – is being actively exploited. An attacker with admin credentials can modify server tables to push malicious payloads to every endpoint agent, creating a supply‑chain risk for all organizations that rely on the platform.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 helpnetsecurity.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
helpnetsecurity.com

Active Exploitation of Trend Micro Apex One Path Traversal (CVE‑2026‑34926) Threatens Endpoint Security

What It Is – A relative directory path‑traversal flaw (CVE‑2026‑34926) in the on‑premise version of Trend Micro Apex One allows a pre‑authenticated attacker with administrative rights on the Apex One server to modify a key table and inject malicious code that is subsequently pushed to all managed agents.

Exploitability – The vulnerability is being actively exploited in the wild; Trend Micro’s TrendAI team observed at least one exploitation attempt. CISA has added it to the Known Exploited Vulnerabilities catalog and issued a mandatory patch deadline for U.S. federal agencies. (CVSS ≈ 8.5 – critical).

Affected Products – Trend Micro Apex One (on‑prem server) and its lightweight endpoint agents (Windows, macOS, Linux). The SaaS‑based Apex One as a Service and Vision One Endpoint Security were patched in April 2026.

TPRM Impact – Because the server acts as a trusted distribution point, a compromised Apex One server can become a supply‑chain conduit for malware, potentially affecting every downstream client, partner, or subsidiary that relies on the same security platform.

Recommended Actions

  • Deploy the April 2026 patches to the Apex One server and all agents immediately.
  • Conduct a privileged‑access review: ensure only authorized personnel hold admin rights on the Apex One console.
  • Harden remote‑access pathways (VPN, RDP, jump hosts) and enforce MFA for all admin accounts.
  • Verify integrity of agents post‑patch (checksums, signed binaries).
  • Update incident‑response playbooks to include detection of anomalous agent‑update traffic.

Source: Help Net Security – Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE‑2026‑34926)

📰 Original Source
https://www.helpnetsecurity.com/2026/05/26/actively-exploited-trend-micro-apex-one-flaw-cve-2026-34926/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →