Local Privilege Escalation (CVE‑2026‑34929) in TrendAI Vision One Security Agent Threatens Endpoint Integrity
What It Is — TrendAI’s Vision One Security Agent contains an origin‑validation flaw in the Apex One NT Listener service that permits a local attacker to elevate privileges to SYSTEM. The vulnerability is tracked as CVE‑2026‑34929 and carries a CVSS 7.8 (High) score.
Exploitability — Exploitation requires the attacker to already run low‑privileged code on the host; no public exploit or malware leveraging this flaw has been observed in the wild.
Affected Products — TrendAI Vision One (Security Agent) – all versions prior to the vendor‑released patch.
TPRM Impact – Organizations that rely on TrendAI as a third‑party endpoint‑security provider may face lateral‑movement risk, potential data exposure, and compliance implications if the flaw is not promptly remediated.
Recommended Actions – Deploy TrendAI’s patch (see KB KA‑0023430) across all Vision One agents, verify remediation via inventory tools, monitor NT Listener logs for anomalous activity, and consider temporarily disabling the service if patching cannot be completed immediately. Source: Zero Day Initiative advisory