Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents. Active exploitation was observed, making the flaw a real-world risk for organizations running exposed Apex One servers. Trend Micro also moved to address the vulnerability, and CISA later put it on its actively exploited list with a June 4 patch deadline for federal agencies.

Related Happenings

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

Open Happening

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Open Happening

CISA updates KEV entry for CVE-2026-1731

Public Sector Action
First: 20.02.2026 17:45 Last: 20.02.2026 17:45 Sources 1

About this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...

Open Happening

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

Open Happening

Timeline

  1. 22.05.2026 16:39 1 articles · 5d ago

    CISA adds CVE-2026-34926 to actively exploited list

    Legal Policy Action Update

    CISA added CVE-2026-34926 to its actively exploited vulnerabilities list and told federal agencies to patch by June 4, warning that vulnerabilities like this are frequent attack vectors and pose significant risks to the federal enterprise.

    Show sources
    Open in new tab
  2. 22.05.2026 16:39 2 articles · 5d ago

    Trend Micro discloses Apex One zero-day exploitation

    Initial Disclosure

    Trend Micro said CVE-2026-34926 is a directory traversal flaw in the Apex One on-premises server that can let a local attacker with admin credentials modify a key table and inject malicious code to deploy to agents on affected Windows systems, and TrendAI observed at least one attempt to exploit it in the wild.

    Show sources
    Open in new tab