CVE-2026-34926: CWE-23: Relative Path Traversal in Trend Micro, Inc. TrendAI Apex One
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
AI Analysis
Technical Summary
This vulnerability (CWE-23) in Trend Micro TrendAI Apex One on-premise server enables a local attacker who already has administrative privileges to perform a relative path traversal. This allows modification of a critical table on the server to inject malicious code that can be propagated to managed agents. The attack vector is local with high attack complexity and requires high privileges, but results in high confidentiality impact, low integrity impact, and low availability impact. No patch or official remediation guidance has been provided yet, and no known exploits are reported in the wild.
Potential Impact
If exploited, an attacker with administrative access to the Apex One server could inject malicious code into a key server table, potentially compromising the confidentiality of data and affecting the integrity and availability of the system to a lesser extent. Since exploitation requires prior administrative credentials and local access, the risk is limited to environments where such access is already obtained by an attacker.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, ensure strict control and monitoring of administrative access to the Apex One server. Since exploitation requires administrative credentials, protecting these credentials and limiting local access to the server are critical interim mitigations.
CVE-2026-34926: CWE-23: Relative Path Traversal in Trend Micro, Inc. TrendAI Apex One
Description
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-23) in Trend Micro TrendAI Apex One on-premise server enables a local attacker who already has administrative privileges to perform a relative path traversal. This allows modification of a critical table on the server to inject malicious code that can be propagated to managed agents. The attack vector is local with high attack complexity and requires high privileges, but results in high confidentiality impact, low integrity impact, and low availability impact. No patch or official remediation guidance has been provided yet, and no known exploits are reported in the wild.
Potential Impact
If exploited, an attacker with administrative access to the Apex One server could inject malicious code into a key server table, potentially compromising the confidentiality of data and affecting the integrity and availability of the system to a lesser extent. Since exploitation requires prior administrative credentials and local access, the risk is limited to environments where such access is already obtained by an attacker.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, ensure strict control and monitoring of administrative access to the Apex One server. Since exploitation requires administrative credentials, protecting these credentials and limiting local access to the server are critical interim mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- trendmicro
- Date Reserved
- 2026-03-31T17:22:13.504Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0f0c4d7b8e1438d00559c0
Added to database: 5/21/2026, 1:44:45 PM
Last enriched: 5/21/2026, 2:00:33 PM
Last updated: 5/21/2026, 4:25:59 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.