Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2505 articles · 173808 vulns · 37/41 feeds (7d)
← Back to list
7.8
CVE-2026-34928PATCHED
trend micro · apex one

CVE-2026-34928: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affe

Description

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected Products

VendorProductVersions
trend microapex one2019 (14.0), SaaS

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
trend microapex onecert_advisory90%

References

  • https://success.trendmicro.com/en-US/solution/KA-0023430

Related News (3 articles)

Tier B
BSI Advisories49d ago
[NEU] [mittel] Trend Micro Apex One: Mehrere Schwachstellen ermöglichen Privilegieneskalation und die Ausführung von Code
→ No new info (linked only)
Tier B
CERT-FR49d ago
Multiples vulnérabilités dans les produits Trend Micro (22 mai 2026)
→ No new info (linked only)
Tier C
VulDB50d ago
CVE-2026-34928 | Trend Micro TrendAI Apex One/TrendAI Apex One as a Service origin validation (EUVD-2026-31286)
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited❌ No
Patch available
14.0.0.1707914.0.20731
CWECWE-346
PublishedMay 21, 2026
Last enriched50d agov2
Trending Score0
Source articles3
Independent3
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2025-71213
CVE-2025-71213: An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on
HIGHCVE-2025-71215
CVE-2025-71215: A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification c
HIGHCVE-2025-71212
CVE-2025-71212: A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileg
HIGHCVE-2026-34930
CVE-2026-34930: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affe
MEDIUMCVE-2026-34926EXPKEV
CVE-2026-34926: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker t

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 21, 2026
Discovered by ZDM
May 21, 2026
Updated: severity
May 21, 2026
Patch Available
May 22, 2026

Version History

v2
Last enriched 50d ago
v2Tier C50d ago

Updated severity to CRITICAL and noted that there is no available exploit.

severity
via VulDB
v150d ago

Initial creation