Trend Micro Apex One Multiple Vulnerabilities

Release Date: 22 May 2026

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Trend Micro Apex One. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and data manipulation on the targeted system.

 

Note:

CVE-2026-34926 is being exploited in the wild.  A pre-authenticated local attacker could modify a key table on the server to inject malicious code to deploy to agents on affected installations. Hence, the risk level is rated as High Risk.

 

---

Impact

• Elevation of Privilege
• Remote Code Execution
• Data Manipulation

---

System / Technologies affected

• Trend Micro Apex One - 2019 (On-prem)
• Trend Micro Apex One - Server and Agent builds below 17079 
• Trend Micro Apex One as a Service (SaaS)
• TrendAI Vision One Endpoint Security - Standard Endpoint Protection (SEP) - Agent builds below 14.0.20731

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://success.trendmicro.com/en-US/solution/KA-0023430

---

Vulnerability Identifier

• CVE-2026-34926
• CVE-2026-34927
• CVE-2026-34928
• CVE-2026-34929
• CVE-2026-34930
• CVE-2026-45206
• CVE-2026-45207
• CVE-2026-45208

---

Source

• Trend Micro

---

Related Link

• https://success.trendmicro.com/en-US/solution/KA-0023430
• https://www.cisa.gov/news-events/alerts/2026/05/21/cisa-adds-two-known-exploited-vulnerabilities-catalog