- 153/2026
- High
Trend Micro has released security updates to address several vulnerabilities affecting Apex One, Apex One as a Service (SaaS), and TrendAI Vision One Endpoint Security – Standard Endpoint Protection (SEP).
The addressed vulnerabilities could allow the attacker to modify a key table on the server to inject malicious code or gain elevated privileges to the affected products.
Sample of the addressed vulnerabilities:
1. Trend Micro Security Agent Origin Validation Error Local Privilege Vulnerability (CVE-2026-45206):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Trend Micro Apex One Server Directory Traversal Vulnerability (CVE-2026-34926):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: File Manipulation
It should be highlighted that Trend Micro is aware that the vulnerability “CVE- 2026-34926” is being exploited in the wild.
Vulnerabilities
- CVE-2026-34926
- CVE-2026-34927
- CVE-2026-34928
- CVE-2026-34929
- CVE-2026-34930
- CVE-2026-45206
- CVE-2026-45207
- CVE-2026-45208
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.