Find notable cyber news and cases, enriched with sources, timelines, and signals.

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents. Active exploitation was observed, making the flaw a real-world risk for organizations running exposed Apex One servers. Trend Micro also moved to address the vulnerability, and CISA later put it on its actively exploited list with a June 4 patch deadline for federal agencies.

Related Happenings

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
H score9 First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

About this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...

CISA orders federal patching of Oracle WebLogic CVE-2024-21182

Public Sector Action
H score53 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
H score44 First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
H score38 First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Timeline

  1. 22.05.2026 16:39 1 articles · 1mo ago

    CISA adds CVE-2026-34926 to actively exploited list

    Legal Policy Action Update

    CISA added CVE-2026-34926 to its actively exploited vulnerabilities list and told federal agencies to patch by June 4, warning that vulnerabilities like this are frequent attack vectors and pose significant risks to the federal enterprise.

    Show sources
  2. 22.05.2026 16:39 2 articles · 1mo ago

    Trend Micro discloses Apex One zero-day exploitation

    Initial Disclosure

    Trend Micro said CVE-2026-34926 is a directory traversal flaw in the Apex One on-premises server that can let a local attacker with admin credentials modify a key table and inject malicious code to deploy to agents on affected Windows systems, and TrendAI observed at least one attempt to exploit it in the wild.

    Show sources