High CVSS Local Privilege Escalation in TrendAI Vision One Security Agent (CVE-2026-34928) Threatens Endpoint Integrity
What It Is — A local privilege escalation flaw in the Apex One NT Listener service of TrendAI Vision One Security Agent permits a low‑privileged attacker to obtain SYSTEM rights. The root cause is insufficient validation of the origin of commands processed by the service.
Exploitability — Exploitation requires prior execution of low‑privileged code on the target host; no public PoC is released, but the vulnerability is actively being patched. CVSS 7.8 (High).
Affected Products — TrendAI Vision One Security Agent (all versions released before the May 2026 security update).
TPRM Impact — A compromised third‑party endpoint security agent can give an attacker full control of the host, enabling data exfiltration, lateral movement, and sabotage of security controls across the supply chain.
Recommended Actions — Deploy TrendAI’s May 2026 patch without delay; enforce strict least‑privilege execution policies; validate endpoint integrity with independent monitoring tools; monitor for anomalous SYSTEM‑level activity; incorporate patch‑management clauses into vendor contracts to ensure timely remediation.