- Trend Micro fixes CVE‑2026‑34926, a medium severity directory traversal flaw in Apex One (on-premises) that allows local administrators to inject malicious code
- Although it requires prior administrator access, the bug is already being exploited in the wild, requiring urgent patching advice.
- CISA is adding it to the KEV Catalog, giving federal agencies until June 4, 2026 to update or discontinue its use in accordance with BOD 22-01.
A dangerous vulnerability in Trend Micro’s Apex One product is being actively exploited in the wild, researchers have warned, urging users to apply the provided patch as soon as possible.
Apex One is Trend Micro’s Endpoint Protection Platform (EPP) designed to protect enterprise devices against malware, ransomware, fileless attacks, and various other cyber threats. It uses a combination of antivirus features, behavioral analysis, machine learning and EDR/XDR. It appears to be quite popular, with some sources counting the number of customers in the thousands.
The company has now released a patch for a directory traversal vulnerability in the on-premises variant of Apex One, which could allow local actors (with administrator privileges) to inject malicious code.
Capture Tokens
“A directory traversal vulnerability in the Apex One server (on-premises) could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations,” the NVD entry states.
“This vulnerability is only exploitable on the on-premises version of Apex One and a potential attacker must have access to the Apex One server and have already obtained the server’s administrative credentials via another method to exploit this vulnerability.”
The bug is now tracked under number CVE-2026-34926 and has a severity score of 6.7/10 (medium).
While all of this indicates a low-risk vulnerability, Trend Micro said it has already seen “at least one” exploit attempt.
We don’t know if a single attempt is enough to be listed in CISA’s Known Exploited Vulnerabilities (KEV) database, but the US agency has just done so. Last Thursday, CISA disclosed a new entry in the catalog, giving Federal Civilian Executive Branch (FCEB) agencies a June 4 deadline to apply the patch or stop using Apex One altogether.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. “Apply mitigation measures in accordance with the vendor’s instructions, follow applicable BOD 22-01 guidelines for cloud services, or discontinue use of the product if mitigation measures are not available.”
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
