Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents. Active exploitation was observed, making the flaw a real-world risk for organizations running exposed Apex One servers. Trend Micro also moved to address the vulnerability, and CISA later put it on its actively exploited list with a June 4 patch deadline for federal agencies.
Related Happenings
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector Action
H score53
First: 02.06.2026 15:40
Last: 02.06.2026 15:40
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...
CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
Vulnerability
H score44
First: 22.05.2026 08:47
Last: 22.05.2026 08:47
Sources 1
About this happening:
**CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
H score38
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector ActionAbout this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
Timeline
-
22.05.2026 16:39 1 articles · 1mo ago
CISA adds CVE-2026-34926 to actively exploited list
Legal Policy Action UpdateCISA added CVE-2026-34926 to its actively exploited vulnerabilities list and told federal agencies to patch by June 4, warning that vulnerabilities like this are frequent attack vectors and pose significant risks to the federal enterprise.
Show sources
- Trend Micro warns of Apex One zero-day exploited in the wild — www.bleepingcomputer.com — 22.05.2026 16:39
-
22.05.2026 16:39 2 articles · 1mo ago
Trend Micro discloses Apex One zero-day exploitation
Initial DisclosureTrend Micro said CVE-2026-34926 is a directory traversal flaw in the Apex One on-premises server that can let a local attacker with admin credentials modify a key table and inject malicious code to deploy to agents on affected Windows systems, and TrendAI observed at least one attempt to exploit it in the wild.
Show sources
- Trend Micro warns of Apex One zero-day exploited in the wild — www.bleepingcomputer.com — 22.05.2026 16:39
- Trend Micro warns of Apex One zero-day exploited in the wild — www.bleepingcomputer.com — 22.05.2026 16:39