HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

High CVSS Local Privilege Escalation in TrendAI Vision One Security Agent (CVE-2026-34930) Threatens Endpoint Integrity

TrendAI’s Vision One Security Agent is vulnerable to a local privilege escalation (CVE‑2026‑34930) that allows attackers with limited code execution to obtain SYSTEM privileges. The flaw resides in the Apex One NT Listener service and has been patched, but unpatched deployments remain at risk, posing a supply‑chain threat for organizations that outsource endpoint protection.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
zerodayinitiative.com

High CVSS Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑34930) Threatens Endpoint Integrity

What It Is – TrendAI’s Vision One Security Agent contains an origin‑validation flaw in the Apex One NT Listener service that enables a local attacker to elevate privileges from a low‑privileged account to SYSTEM. The vulnerability is tracked as CVE‑2026‑34930 and carries a CVSS 7.8 (High) score.

Exploitability – Exploitation requires the attacker to already run code with limited rights on the target host; no public exploit or malware leveraging this flaw has been observed. A vendor‑issued patch is available.

Affected Products – TrendAI Vision One (Security Agent) – all versions prior to the May 2026 update.

TPRM Impact – Organizations that rely on Vision One as a third‑party endpoint protection service inherit the risk of privilege escalation on any managed endpoint. Compromise of the agent can lead to full system control, credential theft, and lateral movement across the supply chain.

Recommended Actions

  • Deploy TrendAI’s patch (KB KA‑0023430) immediately on all Vision One agents.
  • Verify patch compliance via endpoint management tools; enforce a “no‑unpatched” policy.
  • Review privileged‑access controls on systems where Vision One runs; limit low‑privilege execution contexts.
  • Update third‑party risk registers to reflect the new CVE and adjust risk scores for vendors using Vision One.
  • Conduct a rapid audit of logs for any anomalous activity from the Apex One NT Listener service.

Source: Zero Day Initiative Advisory – ZDI‑26‑323

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-323/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →