Trend Micro Warns of Unpatched Apex One Vulnerability Exploited by Malware Actors
Trend Micro Issues Warning About New Zero-Day Vulnerability
Trend Micro, a Japanese cybersecurity software company, has issued a warning about a previously unknown vulnerability in its Apex One endpoint security platform. This vulnerability, tracked as CVE-2026-34926, is a directory traversal issue that allows authenticated local attackers to inject malicious code into the system.
Vulnerability Details
- The vulnerability affects the on-premises version of Apex One, and exploiting it requires administrative credentials to the server.
- Trend Micro’s AI has detected at least one attempt to exploit this vulnerability in the wild.
- The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-34926 to its list of actively exploited vulnerabilities and instructed federal agencies to patch their devices by June 4.
Trend Micro has released security updates to address seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection (SEP) agent. These vulnerabilities can be exploited by attackers who have permission to execute low-privileged code on the target system.
Related Vulnerabilities
- CVE-2025-54948: A zero-day vulnerability in Apex One discovered in August 2025.
- CVE-2022-40139: A zero-day vulnerability in Apex One discovered in September 2022.
- CVE-2023-41179: A zero-day vulnerability in Apex One discovered in September 2023.
CISA currently tracks 12 Trend Micro Apex vulnerabilities that have either been or are still being abused in attacks.
Action Items
- Federal agencies should prioritize patching their devices and implementing mitigation measures to prevent exploitation of this vulnerability.
- Organizations relying on Apex One should ensure they have the latest security updates installed to protect against these newly disclosed vulnerabilities.
