Action not permitted
Modal body text goes here.
Modal Title
Modal Body
JVNDB-2026-016802
Vulnerability from jvndb - Published: 2026-05-22 16:44 - Updated:2026-05-25 15:38
Severity
Summary
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
Details
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below.
- Relative path traversal in Apex One server (CWE-23) - CVE-2026-34926
- The only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).
- Origin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207
- Time-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
"dc:date": "2026-05-25T15:38+09:00",
"dcterms:issued": "2026-05-22T16:44+09:00",
"dcterms:modified": "2026-05-25T15:38+09:00",
"description": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eRelative path traversal in Apex One server (CWE-23) - CVE-2026-34926\u003cul\u003e\u003cli\u003eThe only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eOrigin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207\u003c/li\u003e\u003cli\u003eTime-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208\u003c/li\u003e\u003c/ul\u003eTrend Micro Incorporated has reported that attacks exploiting CVE-2026-34926 have been observed in the wild.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:trendai_apex_one",
"@product": "TrendAI Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:trendai_vision_one_endpoint_security-standard_endpoint_protection",
"@product": "TrendAI Vision One Endpoint Security - Standard Endpoint Protection",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:trend_micro_apex_one",
"@product": "Trend Micro Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-016802",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90583059/index.html",
"@id": "JVNVU#90583059",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34926",
"@id": "CVE-2026-34926",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34927",
"@id": "CVE-2026-34927",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34928",
"@id": "CVE-2026-34928",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34929",
"@id": "CVE-2026-34929",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34930",
"@id": "CVE-2026-34930",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45206",
"@id": "CVE-2026-45206",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45207",
"@id": "CVE-2026-45207",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45208",
"@id": "CVE-2026-45208",
"@source": "CVE"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2026/at260014.html",
"@id": "JPCERT-AT-2026-0014",
"@source": "JPCERT AT"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/346.html",
"@id": "CWE-346",
"@title": "Origin Validation Error(CWE-346)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)"
}
CVE-2026-34926 (GCVE-0-2026-34926)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:03 – Updated: 2026-05-22 12:47
VLAI
EPSS
Summary
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
Severity
6.7 (Medium)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34926",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T03:55:44.534070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T12:47:07.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.\n\n\r\nThis vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:03:21.164Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0022974"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90583059/"
},
{
"url": "https://www.jpcert.or.jp/english/at/2026/at260014.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-34926",
"datePublished": "2026-05-21T13:03:21.164Z",
"dateReserved": "2026-03-31T17:22:13.504Z",
"dateUpdated": "2026-05-22T12:47:07.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34927 (GCVE-0-2026-34927)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:03 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:33.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:03:31.141Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-34927",
"datePublished": "2026-05-21T13:03:31.141Z",
"dateReserved": "2026-03-31T17:22:13.504Z",
"dateUpdated": "2026-05-22T03:55:33.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34928 (GCVE-0-2026-34928)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:03 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:32.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:03:39.339Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-34928",
"datePublished": "2026-05-21T13:03:39.339Z",
"dateReserved": "2026-03-31T17:22:13.504Z",
"dateUpdated": "2026-05-22T03:55:32.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34929 (GCVE-0-2026-34929)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:03 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:31.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:03:50.529Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-34929",
"datePublished": "2026-05-21T13:03:50.529Z",
"dateReserved": "2026-03-31T17:22:13.504Z",
"dateUpdated": "2026-05-22T03:55:31.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34930 (GCVE-0-2026-34930)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:04 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:30.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:04:02.090Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-34930",
"datePublished": "2026-05-21T13:04:02.090Z",
"dateReserved": "2026-03-31T17:22:13.504Z",
"dateUpdated": "2026-05-22T03:55:30.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45206 (GCVE-0-2026-45206)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:04 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:29.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:04:15.439Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-45206",
"datePublished": "2026-05-21T13:04:15.439Z",
"dateReserved": "2026-05-11T13:42:24.969Z",
"dateUpdated": "2026-05-22T03:55:29.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45207 (GCVE-0-2026-45207)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:04 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:28.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:04:25.843Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-45207",
"datePublished": "2026-05-21T13:04:25.843Z",
"dateReserved": "2026-05-11T13:42:24.970Z",
"dateUpdated": "2026-05-22T03:55:28.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45208 (GCVE-0-2026-45208)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:04 – Updated: 2026-05-22 03:55
VLAI
EPSS
Summary
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:27.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:04:35.027Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-45208",
"datePublished": "2026-05-21T13:04:35.027Z",
"dateReserved": "2026-05-11T13:42:24.970Z",
"dateUpdated": "2026-05-22T03:55:27.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…