Medium-severity Apex One zero-day patched after exploitation in on-premises deployments

2 unique sources, 2 articles

Summary

Trend Micro patched CVE-2026-34926, a medium-severity directory traversal flaw in Apex One on-premises installations, after confirming in-the-wild exploitation targeting Windows systems. The vulnerability allowed local attackers with admin credentials to inject malicious code into server key tables and deploy payloads to agents. CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog on May 22, 2026, requiring federal agencies to remediate by June 4, 2026. Concurrently, Trend Micro released updates addressing seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection agent. Threat actors have repeatedly exploited Apex One flaws in zero-day attacks, including prior incidents tracked as CVE-2025-54948 (August 2025), CVE-2022-40139 (September 2022), and CVE-2023-41179 (September 2023).

Timeline

  1. 22.05.2026 11:19 2 articles · 10h ago

    CVE-2026-34926 patched after in-the-wild exploitation in Apex One on-premises environments

    Trend Micro confirmed at least one observed exploitation attempt of CVE-2026-34926 against Windows systems and clarified the exploitation prerequisites for the directory traversal vulnerability in Apex One on-premises servers. CISA reaffirmed the KEV inclusion and the federal mitigation deadline of June 4, 2026, citing significant risks to federal enterprises. The patch also addressed seven additional local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection agent. Apex One flaws have been exploited as zero-days before, including CVE-2025-54948 (August 2025), CVE-2022-40139 (September 2022), and CVE-2023-41179 (September 2023).

Similar Happenings

Critical RCE Flaw in Trend Micro Apex Central On-Prem Windows

Trend Micro has addressed critical vulnerabilities in on-premises Windows versions of Apex Central, including a remote code execution (RCE) flaw (CVE-2025-69258) with a CVSS score of 9.8. The flaw allows unauthenticated remote attackers to execute arbitrary code under SYSTEM context. Two additional flaws (CVE-2025-69259, CVE-2025-69260) with CVSS scores of 7.5 each can cause denial-of-service conditions. The vulnerabilities affect versions below Build 7190 and require physical or remote access to exploit. Apex Central is a web-based management console that helps admins manage multiple Trend Micro products and services, including antivirus, content security, and threat detection. Trend Micro has released Critical Patch Build 7190 to address these vulnerabilities.

Trend Micro Apex One Management Console 0-Day Exploited

Trend Micro has disclosed and patched two critical vulnerabilities, CVE-2025-71210 and CVE-2025-71211, in its on-premises Apex One Management Console. These vulnerabilities allow for remote code execution (RCE) on vulnerable Windows systems. Trend Micro has released Critical Patch Build 14136 to address these vulnerabilities, which also fixes two high-severity privilege escalation flaws in the Windows agent and four more affecting the macOS agent. The vulnerabilities are due to path traversal weaknesses in the management console and require attackers to have access to it. Previously, Trend Micro disclosed two other critical vulnerabilities, CVE-2025-54948 and CVE-2025-54987, which were actively exploited in the wild. These vulnerabilities allowed for command injection and remote code execution. Trend Micro has released temporary mitigations and is urging users to apply them immediately to protect against potential attacks.