High CVSS Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑34930) Threatens Endpoint Integrity
What It Is – TrendAI’s Vision One Security Agent contains an origin‑validation flaw in the Apex One NT Listener service that enables a local attacker to elevate privileges from a low‑privileged account to SYSTEM. The vulnerability is tracked as CVE‑2026‑34930 and carries a CVSS 7.8 (High) score.
Exploitability – Exploitation requires the attacker to already run code with limited rights on the target host; no public exploit or malware leveraging this flaw has been observed. A vendor‑issued patch is available.
Affected Products – TrendAI Vision One (Security Agent) – all versions prior to the May 2026 update.
TPRM Impact – Organizations that rely on Vision One as a third‑party endpoint protection service inherit the risk of privilege escalation on any managed endpoint. Compromise of the agent can lead to full system control, credential theft, and lateral movement across the supply chain.
Recommended Actions –
- Deploy TrendAI’s patch (KB KA‑0023430) immediately on all Vision One agents.
- Verify patch compliance via endpoint management tools; enforce a “no‑unpatched” policy.
- Review privileged‑access controls on systems where Vision One runs; limit low‑privilege execution contexts.
- Update third‑party risk registers to reflect the new CVE and adjust risk scores for vendors using Vision One.
- Conduct a rapid audit of logs for any anomalous activity from the Apex One NT Listener service.