HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Local Privilege Escalation (CVE‑2026‑34927) in TrendAI Vision One Security Agent Threatens Endpoint Integrity

TrendAI’s Vision One security agent is vulnerable to a local privilege escalation (CVE‑2026‑34927) that allows attackers with low‑privileged code execution to obtain SYSTEM rights. The flaw impacts all unpatched installations and poses a supply‑chain risk for organizations and managed‑service providers that rely on the agent for endpoint protection.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Critical Local Privilege Escalation (CVE‑2026‑34927) in TrendAI Vision One Security Agent Threatens Endpoint Integrity

What It Is – TrendAI’s Vision One security agent contains an origin‑validation flaw in the Apex One NT Listener service that permits a local attacker to elevate privileges to SYSTEM and execute arbitrary code. The vulnerability is tracked as CVE‑2026‑34927 with a CVSS 7.8 (High) score.

Exploitability – Exploitation requires the attacker to already run low‑privileged code on the endpoint; no public exploit or active ransomware campaign has been observed, but the flaw is fully disclosed and a vendor patch is available.

Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 update).

TPRM Impact – Organizations that rely on Vision One for endpoint protection—especially MSPs and SaaS providers—face a supply‑chain risk where compromised agents could be leveraged to gain SYSTEM rights on customer machines, enabling data theft, lateral movement, or ransomware deployment.

Recommended Actions

  • Deploy TrendAI’s May 2026 patch (KB KA‑0023430) immediately on all Vision One agents.
  • Verify patch status via the vendor’s update inventory API or endpoint management console.
  • Conduct a short‑term audit of endpoint logs for anomalous NT Listener activity.
  • For MSPs, confirm that all client environments are patched and consider temporary segmentation of agents pending remediation.

Source: Zero Day Initiative Advisory – ZDI‑26‑320

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-320/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →