CVE-2026-34926
medium
KEV
CVSS v3
6.7
CVSS v2
—
VIR risk
8.2
Description
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
CISA KEV
- Vendor
- Trend Micro
- Product
- Apex One
- Due date
- 2026-06-04
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
Vendor advisory: security@trendmicro.com — https://success.trendmicro.com/ja-JP/solution/KA-0022974
Vendor advisory: security@trendmicro.com — https://success.trendmicro.com/en-US/solution/KA-0023430
Exploits
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| trendmicro | apex_one | {"endExcluding":"14.0.0.17079"} | 14.0.0.17079 |
References
- https://jvn.jp/en/vu/JVNVU90583059/
- https://success.trendmicro.com/en-US/solution/KA-0023430
- https://success.trendmicro.com/ja-JP/solution/KA-0022974
- https://www.jpcert.or.jp/english/at/2026/at260014.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926
- https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
CWEs
CWE-23
Verify integrity in audit chain (admin only). AS-IS.