Actively exploited · CVSS 6.7 · MEDIUM

CVE-2026-34926

Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.


Severity

Score: 6.7 (MEDIUM)
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
AV: LOCAL
AC: HIGH
PR: HIGH
UI: NONE
S: CHANGED
C: HIGH
I: LOW
A: LOW
Weakness type (CWE): CWE-23

CISA KEV

Added to KEV: 2026-05-21
Federal due date: 2026-06-04
Known ransomware use: Unknown
Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS

Exploitation probability (next 30 days): 0.0019 (0.2%)
Percentile: 40.9%
EPSS: 2026-05-26

Affects

trendmicro:apex_one

Technical description

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One, and a potential attacker must have access to the Apex One Server and have already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Published: 21/5/2026, 14:16:45
Last modified: 22/5/2026, 12:47:18
