CVE-2026-34926: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker t

Description

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Affected Products

Vendor	Product	Versions
trend micro	trendai apex one	2019 (14.0), SaaS

References

Related News (1 articles)

Tier C

VulDB1h ago

CVE-2026-34926 | Trend Micro TrendAI Apex One/TrendAI Apex One as a Service path traversal

→ No new info (linked only)

CVSS 3.16.7 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

14.0.0.1707914.0.20731

CWECWE-23

PublishedMay 21, 2026

Last enriched31m agov2

Trending Score29

Source articles2

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 31m ago

v2Tier C31m ago

Updated vendor to 'Trend Micro', product to 'TrendAI Apex One as a Service', severity to 'HIGH', and corrected exploit availability to false.

descriptionseverity

via VulDB

v11h ago

Initial creation

CVE-2026-34926: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker t

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History