Critical Local Privilege Escalation in TrendAI Vision One Security Agent (CVE‑2026‑45208) Threatens Enterprise Endpoints
What It Is – TrendAI’s Vision One Security Agent contains a Time‑Of‑Check‑Time‑Of‑Use (TOCTOU) flaw in the Apex One NT Real‑Time Scan service that permits a local attacker to gain SYSTEM privileges. The vulnerability is tracked as CVE‑2026‑45208 with a CVSS 7.8 (High).
Exploitability – Exploitation requires low‑privileged code execution on the host, after which the attacker can trigger the race condition to elevate to SYSTEM. No public exploit code has been released, but the vendor has issued a patch.
Affected Products – TrendAI Vision One Security Agent (all versions prior to the May 2026 update).
TPRM Impact – The agent is often deployed as a managed security service on third‑party client environments. A compromised agent can become a foothold for lateral movement, data exfiltration, or ransomware across the supply chain.
Recommended Actions –
- Verify patch deployment for CVE‑2026‑45208 via TrendAI KB KA‑0023430.
- If patching is not immediately possible, isolate affected endpoints and enforce strict least‑privilege policies.
- Review endpoint hardening controls and monitor for anomalous SYSTEM‑level activity.
- Update third‑party risk registers to reflect the new vulnerability and reassess vendor risk scores.