Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45207) Threatens Endpoint Integrity
What It Is – A newly disclosed vulnerability (CVE‑2026‑45207) in the Apex One NT Listener service of TrendAI Vision One Security Agent permits a local attacker to bypass origin validation and execute arbitrary code as SYSTEM. The flaw is rated CVSS 7.8 (High).
Exploitability – Exploitation requires the attacker to already run low‑privileged code on the endpoint; no public exploits or malware leveraging this flaw have been observed to date.
Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 patch).
TPRM Impact – Many enterprises rely on Vision One as a managed endpoint protection layer. A compromised agent can become a foothold for supply‑chain attackers, enabling lateral movement, data exfiltration, or sabotage of downstream services.
Recommended Actions –
- Deploy TrendAI’s May 2026 security update (KB KA‑0023430) immediately on all managed endpoints.
- Verify patch status via centralized asset inventory; flag any unpatched hosts for urgent remediation.
- Review privileged account usage on endpoints; enforce least‑privilege and MFA for local admin accounts.
- Update third‑party risk registers to reflect the new LPE risk and communicate with affected vendors.