Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-45208 (GCVE-0-2026-45208)
Vulnerability from cvelistv5 – Published: 2026-05-21 13:04 – Updated: 2026-05-22 03:55- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | TrendAI Apex One |
Affected:
2019 (14.0) , < 14.0.0.17079
(semver)
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:* |
|
| Trend Micro, Inc. | TrendAI Apex One as a Service |
Affected:
SaaS , < 14.0.20731
(semver)
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:27.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:04:35.027Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2026-45208",
"datePublished": "2026-05-21T13:04:35.027Z",
"dateReserved": "2026-05-11T13:42:24.970Z",
"dateUpdated": "2026-05-22T03:55:27.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-45208",
"date": "2026-07-05",
"epss": "0.003",
"percentile": "0.21739"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-45208\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2026-05-21T14:16:48.257\",\"lastModified\":\"2026-06-17T10:51:46.540\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\\n\\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"}],\"affected\":[{\"source\":\"security@trendmicro.com\",\"affectedData\":[{\"vendor\":\"Trend Micro, Inc.\",\"product\":\"TrendAI Apex One\",\"cpes\":[\"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"2019 (14.0)\",\"lessThan\":\"14.0.0.17079\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Trend Micro, Inc.\",\"product\":\"TrendAI Apex One as a Service\",\"cpes\":[\"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"SaaS\",\"lessThan\":\"14.0.20731\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-21T00:00:00+00:00\",\"id\":\"CVE-2026-45208\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*\",\"versionEndExcluding\":\"14.0.0.17079\",\"matchCriteriaId\":\"6F20657B-98A4-46BE-8481-12060262C850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*\",\"versionEndExcluding\":\"14.0.20731\",\"matchCriteriaId\":\"322053CC-D396-412E-9F81-7640FE9DB7BD\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/en-US/solution/KA-0023430\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-45208\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-21T13:59:17.362286Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-21T13:59:21.276Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*\"], \"vendor\": \"Trend Micro, Inc.\", \"product\": \"TrendAI Apex One\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019 (14.0)\", \"lessThan\": \"14.0.0.17079\", \"versionType\": \"semver\"}]}, {\"cpes\": [\"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*\"], \"vendor\": \"Trend Micro, Inc.\", \"product\": \"TrendAI Apex One as a Service\", \"versions\": [{\"status\": \"affected\", \"version\": \"SaaS\", \"lessThan\": \"14.0.20731\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/en-US/solution/KA-0023430\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\\n\\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2026-05-21T13:04:35.027Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-45208\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-22T03:55:27.290Z\", \"dateReserved\": \"2026-05-11T13:42:24.970Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2026-05-21T13:04:35.027Z\", \"assignerShortName\": \"trendmicro\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
2026-0521-TM-A1-001
Vulnerability from csaf_trendmicro - Published: 2026-05-21 13:00 - Updated: 2026-05-21 13:00A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 | ||
|
Trend Micro Apex One as a Service 14.0.20731
Trend Micro / Apex One as a Service
|
cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*
|
14.0.20731 | |
|
Trend Micro Apex One as a Service Security Agent 14.0.20731
Trend Micro / Apex One as a Service Security Agent
|
14.0.20731 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem<14.0.0.17079
Trend Micro / Apex One
|
vers:intdot/<14.0.0.17079 |
Vendor Fix
fix
|
|
|
Trend Micro Apex One (2019) On-prem Security Agent<14.0.0.17079
Trend Micro / Apex One Security Agent
|
vers:intdot/<14.0.0.17079 |
Vendor Fix
fix
|
|
|
Trend Micro Apex One as a Service <14.0.20731
Trend Micro / Apex One as a Service
|
vers:intdot/<14.0.20731 |
Vendor Fix
fix
|
|
|
Trend Micro Apex One as a Service Agent<14.0.20731
Trend Micro / Apex One as a Service Security Agent
|
vers:intdot/<14.0.20731 |
Vendor Fix
fix
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One (2019) On-prem SP1 CP Build 17079
Trend Micro / Apex One
|
cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*
|
14.0.0.17079 | |
|
Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079
Trend Micro / Apex One Security Agent
|
14.0.0.17079 |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "TrendAI has released updates to Apex One (on-premise), Apex One as a Service and Vision One - Standard Endpoint Protection (SEP) to resolve multiple vulnerabilities. ! ITW Notification: TrendAI has observed at least one instance of an attempt to actively exploit one of these vulnerabilities in the wild.",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. TREND MICRO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\n\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Trend Micro products.",
"title": "Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/legalcode) If you distribute this content, or a modified version of it, you must provide attribution to Trend Micro, Inc. and provide a link to the original.",
"title": "Document License"
},
{
"category": "summary",
"text": "Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.",
"title": "Mitigating Factors"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@trendmicro.com",
"issuing_authority": "TrendAI PSIRT is responsible for vulnerability handling across all TrendAI supported products, including any end-of-life products.",
"name": "TrendAI (Trend Micro) PSIRT",
"namespace": "https://www.trendmicro.com/vulnerability"
},
"references": [
{
"category": "self",
"summary": "TrendAI Security Bulletin",
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
},
{
"category": "self",
"summary": "2026-0521-TM-A1-001 - CSAF Version",
"url": "https://www.trendmicro.com/.well-known/csaf/2026/2026-0521-tm-a1-001.json"
}
],
"title": "ITW SECURITY BULLETIN: Apex One and Vision One and Standard Endpoint Protection (SEP) May 2026 Security Bulletin",
"tracking": {
"aliases": [
"KA-0019917"
],
"current_release_date": "2026-05-21T13:00:00.000Z",
"generator": {
"date": "2026-05-19T14:43:54.988Z",
"engine": {
"name": "Secvisogram",
"version": "2.6.1"
}
},
"id": "2026-0521-TM-A1-001",
"initial_release_date": "2026-05-21T13:00:00.000Z",
"revision_history": [
{
"date": "2026-05-21T13:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c14.0.0.17079",
"product": {
"name": "Trend Micro Apex One (2019) On-prem\u003c14.0.0.17079",
"product_id": "TM-A1-001"
}
},
{
"category": "product_version",
"name": "14.0.0.17079",
"product": {
"name": "Trend Micro Apex One (2019) On-prem SP1 CP Build 17079",
"product_id": "TM-A1-002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Apex One"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c14.0.20731",
"product": {
"name": "Trend Micro Apex One as a Service \u003c14.0.20731",
"product_id": "TM-A1SAAS-001"
}
},
{
"category": "product_version",
"name": "14.0.20731",
"product": {
"name": "Trend Micro Apex One as a Service 14.0.20731",
"product_id": "TM-A1SAAS-002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Apex One as a Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c14.0.0.17079",
"product": {
"name": "Trend Micro Apex One (2019) On-prem Security Agent\u003c14.0.0.17079",
"product_id": "TM-A1-003"
}
},
{
"category": "product_version",
"name": "14.0.0.17079",
"product": {
"name": "Trend Micro Apex One (2019) On-prem Security Agent SP1 CP Build 17079",
"product_id": "TM-A1-004"
}
}
],
"category": "product_name",
"name": "Apex One Security Agent"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c14.0.20731",
"product": {
"name": "Trend Micro Apex One as a Service Agent\u003c14.0.20731",
"product_id": "TM-A1SAAS-003"
}
},
{
"category": "product_version",
"name": "14.0.20731",
"product": {
"name": "Trend Micro Apex One as a Service Security Agent 14.0.20731",
"product_id": "TM-A1SAAS-004"
}
}
],
"category": "product_name",
"name": "Apex One as a Service Security Agent"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"TrendAI Incident Response (IR) Team"
]
}
],
"cve": "CVE-2026-34926",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.",
"title": "CVE description"
},
{
"category": "description",
"text": "This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004",
"TM-A1SAAS-002",
"TM-A1SAAS-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003",
"TM-A1SAAS-001",
"TM-A1SAAS-003"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 6.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003",
"TM-A1SAAS-001",
"TM-A1SAAS-003"
]
}
],
"title": "Server Directory Traversal Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-34927",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-27959",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-34927",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-27959",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-34929",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-28077",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-34930",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-28089",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-45206",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-28118",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-45207",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-29177",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Origin Validation Error Local Privilege Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Lays (@_L4ys)"
],
"organization": "TRAPA Security",
"summary": "working with Trend Micro\u0027s Zero Day Initiative"
}
],
"cve": "CVE-2026-45208",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.",
"title": "CVE description"
},
{
"category": "description",
"text": "Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"title": "Preconditions"
}
],
"product_status": {
"fixed": [
"TM-A1-002",
"TM-A1-004"
],
"known_affected": [
"TM-A1-001",
"TM-A1-003"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-27982",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-362/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to SP1 CP Build 17079 or later",
"product_ids": [
"TM-A1-001",
"TM-A1-003"
],
"url": "http://downloadcenter.trendmicro.com/"
},
{
"category": "vendor_fix",
"date": "2026-05-21T13:00:00.000Z",
"details": "Update to Security Agent Version 14.0.20731 or later",
"product_ids": [
"TM-A1SAAS-001",
"TM-A1SAAS-003"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-A1-001",
"TM-A1-003"
]
}
],
"title": "Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability"
}
]
}
CERTFR-2026-AVI-0642
Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une élévation de privilèges et un contournement de la politique de sécurité.
Trend Micro indique que la vulnérabilité CVE-2026-34926 est activement exploitée
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Vision One | TrendAI Vision One SEP sans le correctif 14.0.20731 | ||
| Trend Micro | Apex One | Apex One sans le correctif de sécurité SP1 CP Build 18012 | ||
| Trend Micro | Apex One | Apex One sans le correctif de sécurité SP1 CP Build 17079 (pour une nouvelle installation) |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "TrendAI Vision One SEP sans le correctif 14.0.20731",
"product": {
"name": "Vision One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One sans le correctif de s\u00e9curit\u00e9 SP1 CP Build 18012",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One sans le correctif de s\u00e9curit\u00e9 SP1 CP Build 17079 (pour une nouvelle installation)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-45208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45208"
},
{
"name": "CVE-2026-45206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45206"
},
{
"name": "CVE-2026-45207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45207"
},
{
"name": "CVE-2026-34928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34928"
},
{
"name": "CVE-2026-34926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34926"
},
{
"name": "CVE-2026-34930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34930"
},
{
"name": "CVE-2026-34929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34929"
},
{
"name": "CVE-2026-34927",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34927"
}
],
"initial_release_date": "2026-05-22T00:00:00",
"last_revision_date": "2026-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0642",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.\n\nTrend Micro indique que la vuln\u00e9rabilit\u00e9 CVE-2026-34926 est activement exploit\u00e9e",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": "2026-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0023430",
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
]
}
FKIE_CVE-2026-45208
Vulnerability from fkie_nvd - Published: 2026-05-21 14:16 - Updated: 2026-06-17 10:51| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/en-US/solution/KA-0023430 | Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_one | * | |
| trendmicro | apex_one | * |
{
"affected": [
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.17079:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.17079",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.20731:*:*:*:*:*:*:*"
],
"product": "TrendAI Apex One as a Service",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.20731",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"source": "security@trendmicro.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:on-premises:windows:*:*",
"matchCriteriaId": "6F20657B-98A4-46BE-8481-12060262C850",
"versionEndExcluding": "14.0.0.17079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:windows:*:*",
"matchCriteriaId": "322053CC-D396-412E-9F81-7640FE9DB7BD",
"versionEndExcluding": "14.0.20731",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"id": "CVE-2026-45208",
"lastModified": "2026-06-17T10:51:46.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@trendmicro.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-45208",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-21T14:16:48.257",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@trendmicro.com",
"type": "Secondary"
}
]
}
GHSA-92RR-32PC-38G6
Vulnerability from github – Published: 2026-05-21 15:34 – Updated: 2026-05-21 15:34A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2026-45208"
],
"database_specific": {
"cwe_ids": [
"CWE-367"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T14:16:48Z",
"severity": "HIGH"
},
"details": "A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-92rr-32pc-38g6",
"modified": "2026-05-21T15:34:09Z",
"published": "2026-05-21T15:34:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45208"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
JVNDB-2026-016802
Vulnerability from jvndb - Published: 2026-05-22 16:44 - Updated:2026-05-25 15:38- Relative path traversal in Apex One server (CWE-23) - CVE-2026-34926
- The only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).
- Origin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207
- Time-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208
| Type | URL | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
"dc:date": "2026-05-25T15:38+09:00",
"dcterms:issued": "2026-05-22T16:44+09:00",
"dcterms:modified": "2026-05-25T15:38+09:00",
"description": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eRelative path traversal in Apex One server (CWE-23) - CVE-2026-34926\u003cul\u003e\u003cli\u003eThe only product that could be vulnerable to this exploit is TrendAI Apex One (On Premise).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eOrigin validation error in Security Agent (CWE-346) - CVE-2026-34927,CVE-2026-34928,CVE-2026-34929,CVE-2026-34930,CVE-2026-45206,CVE-2026-45207\u003c/li\u003e\u003cli\u003eTime-of-check time-of-use (TOCTOU) race condition in Security Agent (CWE-367) - CVE-2026-45208\u003c/li\u003e\u003c/ul\u003eTrend Micro Incorporated has reported that attacks exploiting CVE-2026-34926 have been observed in the wild.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016802.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:trendai_apex_one",
"@product": "TrendAI Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:trendai_vision_one_endpoint_security-standard_endpoint_protection",
"@product": "TrendAI Vision One Endpoint Security - Standard Endpoint Protection",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:trend_micro_apex_one",
"@product": "Trend Micro Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-016802",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90583059/index.html",
"@id": "JVNVU#90583059",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34926",
"@id": "CVE-2026-34926",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34927",
"@id": "CVE-2026-34927",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34928",
"@id": "CVE-2026-34928",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34929",
"@id": "CVE-2026-34929",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-34930",
"@id": "CVE-2026-34930",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45206",
"@id": "CVE-2026-45206",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45207",
"@id": "CVE-2026-45207",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-45208",
"@id": "CVE-2026-45208",
"@source": "CVE"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2026/at260014.html",
"@id": "JPCERT-AT-2026-0014",
"@source": "JPCERT AT"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/346.html",
"@id": "CWE-346",
"@title": "Origin Validation Error(CWE-346)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)"
}
WID-SEC-W-2026-1643
Vulnerability from csaf_certbund - Published: 2026-05-21 22:00 - Updated: 2026-05-28 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One Service <Security Agent build 14.0.20731
Trend Micro / Apex One
|
Service <Security Agent build 14.0.20731 | ||
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Trend Micro Apex One <SP1 Build 17079
Trend Micro / Apex One
|
<SP1 Build 17079 | ||
|
Trend Micro Apex One <SP1 CP Build 18012
Trend Micro / Apex One
|
<SP1 CP Build 18012 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Apex One ist eine Endpoint-Security L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um seine Privilegien zu erh\u00f6hen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1643 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1643.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1643 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1643"
},
{
"category": "external",
"summary": "TrendMicro Security Bulletin vom 2026-05-21",
"url": "https://success.trendmicro.com/en-US/solution/KA-0023430"
}
],
"source_lang": "en-US",
"title": "Trend Micro Apex One: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation und die Ausf\u00fchrung von Code",
"tracking": {
"current_release_date": "2026-05-28T22:00:00.000+00:00",
"generator": {
"date": "2026-05-29T07:10:45.015+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1643",
"initial_release_date": "2026-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: ZDI-26-325, ZDI-26-324, ZDI-26-322, ZDI-26-321, ZDI-26-320, ZDI-26-323, ZDI-26-326"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cSP1 CP Build 18012",
"product": {
"name": "Trend Micro Apex One \u003cSP1 CP Build 18012",
"product_id": "T054492"
}
},
{
"category": "product_version",
"name": "SP1 CP Build 18012",
"product": {
"name": "Trend Micro Apex One SP1 CP Build 18012",
"product_id": "T054492-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:sp1_cp_build_18012"
}
}
},
{
"category": "product_version_range",
"name": "\u003cSP1 Build 17079",
"product": {
"name": "Trend Micro Apex One \u003cSP1 Build 17079",
"product_id": "T054493"
}
},
{
"category": "product_version",
"name": "SP1 Build 17079",
"product": {
"name": "Trend Micro Apex One SP1 Build 17079",
"product_id": "T054493-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:sp1_build_17079"
}
}
},
{
"category": "product_version_range",
"name": "Service \u003cSecurity Agent build 14.0.20731",
"product": {
"name": "Trend Micro Apex One Service \u003cSecurity Agent build 14.0.20731",
"product_id": "T054494"
}
},
{
"category": "product_version",
"name": "Service Security Agent build 14.0.20731",
"product": {
"name": "Trend Micro Apex One Service Security Agent build 14.0.20731",
"product_id": "T054494-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:service__security_agent_build_14.0.20731"
}
}
}
],
"category": "product_name",
"name": "Apex One"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34927",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-34927"
},
{
"cve": "CVE-2026-34928",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-34928"
},
{
"cve": "CVE-2026-34929",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-34929"
},
{
"cve": "CVE-2026-34930",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-34930"
},
{
"cve": "CVE-2026-45206",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-45206"
},
{
"cve": "CVE-2026-45207",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-45207"
},
{
"cve": "CVE-2026-45208",
"product_status": {
"known_affected": [
"T054494",
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-45208"
},
{
"cve": "CVE-2026-34926",
"product_status": {
"known_affected": [
"T054493",
"T054492"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-34926"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.