Trend Micro Apex One Directory Traversal Zero-Day Added to CISA KEV (CVE-2026-34926)

Scope: Trend Micro Apex One On-Premises (Server and Agent Builds Below 17079)

Severity: High

CVE-2026-34926 is a directory traversal zero-day in the on-premises Trend Micro Apex One server, discovered by Trend Micro's own incident response team while investigating real-world activity. It allows a pre-authenticated local attacker with admin credentials to modify a key database table on the Apex One server and inject malicious code, which is then silently pushed to all connected endpoint agents across the enterprise network. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on May 21, 2026, mandating that federal agencies patch by June 4, and Trend Micro has confirmed at least one exploitation attempt in the wild. Organizations should upgrade to Apex One SP1 Critical Patch Build 18012 for existing SP1 installations, or SP1 Build 17079 for new deployments, and restrict local administrative access to Apex One servers as an additional layer of defense.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.