2026-0521-TM-A1-001

Vulnerability from csaf_trendmicro - Published: 2026-05-21 13:00 - Updated: 2026-05-21 13:00
Summary
ITW SECURITY BULLETIN: Apex One and Vision One and Standard Endpoint Protection (SEP) May 2026 Security Bulletin
Notes
Summary: TrendAI has released updates to Apex One (on-premise), Apex One as a Service and Vision One - Standard Endpoint Protection (SEP) to resolve multiple vulnerabilities. ! ITW Notification: TrendAI has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.
Disclaimer: THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TREND MICRO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Trend Micro products.
Document License: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/legalcode) If you distribute this content, or a modified version of it, you must provide attribution to Trend Micro, Inc. and provide a link to the original.
Mitigating Factors: Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

CWE-23 - Relative Path Traversal
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Trend Micro Apex One as a Service 14.0.20731
Trend Micro / Apex One as a Service
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* 14.0.20731
Trend Micro Apex One as a Service Security Agent 14.0.20731
Trend Micro / Apex One as a Service Security Agent
14.0.20731
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One as a Service <14.0.20731
Trend Micro / Apex One as a Service
vers:intdot/<14.0.20731
Vendor Fix fix
Trend Micro Apex One as a Service Agent<14.0.20731
Trend Micro / Apex One as a Service Security Agent
vers:intdot/<14.0.20731
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE-346 - Origin Validation Error
Affected products
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* 14.0.0.17079
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
14.0.0.17079
Product Identifier Version Remediation
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
vers:intdot/<14.0.0.17079
Vendor Fix fix
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
vers:intdot/<14.0.0.17079
Vendor Fix fix
Acknowledgments
TrendAI Incident Response (IR) Team
TRAPA Security Lays (@_L4ys)

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "TrendAI has released updates to Apex One (on-premise), Apex One as a Service and Vision One - Standard Endpoint Protection (SEP) to resolve multiple vulnerabilities. ! ITW Notification: TrendAI has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.",
        "title": "Summary"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TREND MICRO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\n\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Trend Micro products.",
        "title": "Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/legalcode) If you distribute this content, or a modified version of it, you must provide attribution to Trend Micro, Inc. and provide a link to the original.",
        "title": "Document License"
      },
      {
        "category": "summary",
        "text": "Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.",
        "title": "Mitigating Factors"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@trendmicro.com",
      "issuing_authority": "TrendAI PSIRT is responsible for vulnerability handling across all TrendAI supported products, including any end-of-life products.",
      "name": "TrendAI (Trend Micro) PSIRT",
      "namespace": "https://www.trendmicro.com/vulnerability"
    },
    "references": [
      {
        "category": "self",
        "summary": "TrendAI Security Bulletin",
        "url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
      },
      {
        "category": "self",
        "summary": "2026-0521-TM-A1-001 - CSAF Version",
        "url": "https://www.trendmicro.com/.well-known/csaf/2026/2026-0521-tm-a1-001.json"
      }
    ],
    "title": "ITW SECURITY BULLETIN: Apex One and Vision One and Standard Endpoint Protection (SEP) May 2026 Security Bulletin",
    "tracking": {
      "aliases": [
        "KA-0019917"
      ],
      "current_release_date": "2026-05-21T13:00:00.000Z",
      "generator": {
        "date": "2026-05-19T14:43:54.988Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.6.1"
        }
      },
      "id": "2026-0521-TM-A1-001",
      "initial_release_date": "2026-05-21T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-21T13:00:00.000Z",
          "number": "1",
          "summary": "Initial version."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c14.0.0.17079",
                "product": {
                  "name": "Trend Micro Apex One (2019) On-prem\u003c14.0.0.17079",
                  "product_id": "TM-A1-001"
                }
              },
              {
                "category": "product_version",
                "name": "14.0.0.17079",
                "product": {
                  "name": "Trend Micro Apex One (2019) On-prem SP1 CP Build 17079",
                  "product_id": "TM-A1-002",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c14.0.20731",
                "product": {
                  "name": "Trend Micro Apex One as a Service \u003c14.0.20731",
                  "product_id": "TM-A1SAAS-001"
                }
              },
              {
                "category": "product_version",
                "name": "14.0.20731",
                "product": {
                  "name": "Trend Micro Apex One as a Service 14.0.20731",
                  "product_id": "TM-A1SAAS-002",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One as a Service"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c14.0.0.17079",
                "product": {
                  "name": "Trend Micro Apex One (2019) On-prem Security Agent\u003c14.0.0.17079",
                  "product_id": "TM-A1-003"
                }
              },
              {
                "category": "product_version",
                "name": "14.0.0.17079",
                "product": {
                  "name": "Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079",
                  "product_id": "TM-A1-004"
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One Security Agent"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c14.0.20731",
                "product": {
                  "name": "Trend Micro Apex One as a Service Agent\u003c14.0.20731",
                  "product_id": "TM-A1SAAS-003"
                }
              },
              {
                "category": "product_version",
                "name": "14.0.20731",
                "product": {
                  "name": "Trend Micro Apex One as a Service Security Agent 14.0.20731",
                  "product_id": "TM-A1SAAS-004"
                }
              }
            ],
            "category": "product_name",
            "name": "Apex One as a Service Security Agent"
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "TrendAI Incident Response (IR) Team"
          ]
        }
      ],
      "cve": "CVE-2026-34926",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "description",
          "text": "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004",
          "TM-A1SAAS-002",
          "TM-A1SAAS-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003",
          "TM-A1SAAS-001",
          "TM-A1SAAS-003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.6,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003",
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ]
        }
      ],
      "title": "Server Directory Traversal Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-34927",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-27959",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-34927",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-27959",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-34929",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-28077",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-34930",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-28089",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-45206",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-28118",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-45207",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-29177",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Lays (@_L4ys)"
          ],
          "organization": "TRAPA Security",
          "summary": "working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "cve": "CVE-2026-45208",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
          "title": "CVE description"
        },
        {
          "category": "description",
          "text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
          "title": "Preconditions"
        }
      ],
      "product_status": {
        "fixed": [
          "TM-A1-002",
          "TM-A1-004"
        ],
        "known_affected": [
          "TM-A1-001",
          "TM-A1-003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-27982",
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to SP1 CP Build 17079 or later",
          "product_ids": [
            "TM-A1-001",
            "TM-A1-003"
          ],
          "url": "http://downloadcenter.trendmicro.com/"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T13:00:00.000Z",
          "details": "Update to Security Agent Version 14.0.20731 or later",
          "product_ids": [
            "TM-A1SAAS-001",
            "TM-A1SAAS-003"
          ],
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-A1-001",
            "TM-A1-003"
          ]
        }
      ],
      "title": "Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…