HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45207) Threatens Endpoint Integrity

TrendAI disclosed CVE‑2026‑45207, a local privilege escalation flaw in Vision One Security Agent that lets low‑privileged code gain SYSTEM rights. Enterprises using the agent must patch immediately to avoid supply‑chain compromise.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45207) Threatens Endpoint Integrity

What It Is – A newly disclosed vulnerability (CVE‑2026‑45207) in the Apex One NT Listener service of TrendAI Vision One Security Agent permits a local attacker to bypass origin validation and execute arbitrary code as SYSTEM. The flaw is rated CVSS 7.8 (High).

Exploitability – Exploitation requires the attacker to already run low‑privileged code on the endpoint; no public exploits or malware leveraging this flaw have been observed to date.

Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 patch).

TPRM Impact – Many enterprises rely on Vision One as a managed endpoint protection layer. A compromised agent can become a foothold for supply‑chain attackers, enabling lateral movement, data exfiltration, or sabotage of downstream services.

Recommended Actions

  • Deploy TrendAI’s May 2026 security update (KB KA‑0023430) immediately on all managed endpoints.
  • Verify patch status via centralized asset inventory; flag any unpatched hosts for urgent remediation.
  • Review privileged account usage on endpoints; enforce least‑privilege and MFA for local admin accounts.
  • Update third‑party risk registers to reflect the new LPE risk and communicate with affected vendors.

Source: Zero Day Initiative Advisory – ZDI‑26‑325

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-325/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →