Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability found for TrendAI Vision One Endpoint Security - Standard Endpoint Protection by Trend Micro, Inc.

    JVNDB-2026-016802

    Vulnerability from jvndb - Published: 2026-05-22 16:44 - Updated:2026-05-25 15:38
    Severity
    Summary
    Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
    Details
    Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below.
    • Relative path traversal in Apex One server (CWE-23) - CVE-2026-34926
      • The only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).
    • Origin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207
    • Time-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208
    Trend Micro Incorporated has reported that attacks exploiting CVE-2026-34926 have been observed in the wild. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
      "dc:date": "2026-05-25T15:38+09:00",
      "dcterms:issued": "2026-05-22T16:44+09:00",
      "dcterms:modified": "2026-05-25T15:38+09:00",
      "description": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eRelative path traversal in Apex One server (CWE-23) - CVE-2026-34926\u003cul\u003e\u003cli\u003eThe only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eOrigin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207\u003c/li\u003e\u003cli\u003eTime-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208\u003c/li\u003e\u003c/ul\u003eTrend Micro Incorporated has reported that attacks exploiting CVE-2026-34926 have been observed in the wild.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:trendai_apex_one",
          "@product": "TrendAI Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:trendai_vision_one_endpoint_security-standard_endpoint_protection",
          "@product": "TrendAI Vision One Endpoint Security - Standard Endpoint Protection",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:trend_micro_apex_one",
          "@product": "Trend Micro Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-016802",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU90583059/index.html",
          "@id": "JVNVU#90583059",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34926",
          "@id": "CVE-2026-34926",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34927",
          "@id": "CVE-2026-34927",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34928",
          "@id": "CVE-2026-34928",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34929",
          "@id": "CVE-2026-34929",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34930",
          "@id": "CVE-2026-34930",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-45206",
          "@id": "CVE-2026-45206",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-45207",
          "@id": "CVE-2026-45207",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-45208",
          "@id": "CVE-2026-45208",
          "@source": "CVE"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2026/at260014.html",
          "@id": "JPCERT-AT-2026-0014",
          "@source": "JPCERT AT"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/23.html",
          "@id": "CWE-23",
          "@title": "Relative Path Traversal(CWE-23)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/346.html",
          "@id": "CWE-346",
          "@title": "Origin Validation Error(CWE-346)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/367.html",
          "@id": "CWE-367",
          "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
        }
      ],
      "title": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)"
    }