HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45208) Threatens Enterprise Endpoints

TrendAI’s Vision One Security Agent is vulnerable to a TOCTOU flaw that lets a low‑privileged attacker elevate to SYSTEM. The CVE‑2026‑45208 vulnerability carries a CVSS 7.8 score and can compromise endpoint security across multiple organizations, raising supply‑chain risk for TPRM teams.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
zerodayinitiative.com

Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45208) Threatens Enterprise Endpoints

What It Is – TrendAI’s Vision One Security Agent contains a Time‑Of‑Check‑Time‑Of‑Use (TOCTOU) flaw in the Apex One NT Real‑Time Scan service that permits a local attacker to gain SYSTEM privileges. The vulnerability is tracked as CVE‑2026‑45208 with a CVSS 7.8 (High).

Exploitability – Exploitation requires low‑privileged code execution on the host, after which the attacker can trigger the race condition to elevate to SYSTEM. No public exploit code has been released, but the vendor has issued a patch.

Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 update).

TPRM Impact – The agent is often deployed as a managed security service on third‑party client environments. A compromised agent can become a foothold for lateral movement, data exfiltration, or ransomware across the supply chain.

Recommended Actions

  • Verify patch deployment for CVE‑2026‑45208 via TrendAI KB KA‑0023430.
  • If patching is not immediately possible, isolate affected endpoints and enforce strict least‑privilege policies.
  • Review endpoint hardening controls and monitor for anomalous SYSTEM‑level activity.
  • Update third‑party risk registers to reflect the new vulnerability and reassess vendor risk scores.

Source: Zero Day Initiative Advisory ZDI‑26‑326

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-326/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →