HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45206) Threatens Enterprise Endpoint Protection

TrendAI disclosed CVE‑2026‑45206, a local privilege‑escalation flaw in its Vision One Security Agent. The defect allows an attacker with low‑privilege code execution to gain SYSTEM rights, posing a serious supply‑chain risk for organizations that rely on the agent for endpoint protection.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45206) Threatens Enterprise Endpoint Protection

What It Is – TrendAI’s Vision One Security Agent contains an origin‑validation flaw in the Apex One NT Listener service that permits a low‑privileged attacker to execute arbitrary code as SYSTEM. The vulnerability is tracked as CVE‑2026‑45206 and carries a CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Exploitability – The bug is local‑only; an attacker must already have a foothold on the endpoint to exploit it. No public exploit code has been released, but the low attack complexity and high impact make it a prime target for post‑exploitation toolkits.

Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 patch).

TPRM Impact – A compromised endpoint can become a launchpad for lateral movement across a supplier’s network, jeopardizing the confidentiality, integrity, and availability of downstream customers’ data and services.

Recommended Actions

  • Verify patch status on all Vision One agents; apply the May 2026 update immediately.
  • Enforce strict least‑privilege policies for any processes that may run the agent.
  • Conduct a rapid inventory of endpoints that have not yet received the patch and prioritize remediation.
  • Review EDR/EDM logs for anomalous SYSTEM‑level activity originating from the Apex One NT Listener.
  • Update third‑party risk questionnaires to include this CVE and require vendors to demonstrate timely patching.

Source: Zero Day Initiative Advisory – ZDI‑26‑324

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-324/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →