CVE-2026-34926

MEDIUM CISA KEV

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Published: May 21, 2026 Modified: May 22, 2026

CWE-23

CVSS Metrics

CVSSv3

Attack Vector: LOCAL Attack Complexity: HIGH Privileges Required: HIGH User Interaction: NONE Scope: CHANGED Confidentiality Impact: HIGH Integrity Impact: LOW Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Affected Products (2)

Vendor	Product	Version
trendmicro	apex_one	* < 14.0.0.17079
trendmicro	apex_one	* < 14.0.20731

GitHub Security Advisory GHSA-4ccp-cqrh-3w9v

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre...

References (5)

https://jvn.jp/en/vu/JVNVU90583059/ Third Party Advisory
https://success.trendmicro.com/en-US/solution/KA-0023430 Vendor Advisory
https://success.trendmicro.com/ja-JP/solution/KA-0022974 Vendor Advisory
https://www.jpcert.or.jp/english/at/2026/at260014.html Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926 Third Party Advisory, US Government Resource

Risk Scores

CVSS Score 6.7 / 10

EPSS Score 1.02%

Top 22% most likely to be exploited

Threat Score 57.1 / 100

CISA Known Exploited

Date Added: 2026-05-21

Due Date: 2026-06-04

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Data Sources

NVD CISA KEV EPSS GitHub