What products are affected by CVE-2026-34926?

CVE-2026-34926 affects Trend Micro Apex One. Refer to the vendor advisory and NVD record for affected versions.

What is the EPSS score for CVE-2026-34926?

CVE-2026-34926 has an EPSS score of 1.0%, placing it in the 78th percentile. This means it has a 1.0% probability of being exploited in the next 30 days, higher than 78% of all known vulnerabilities. EPSS (Exploit Prediction Scoring System) is maintained by FIRST and uses real-world threat data to estimate exploitation likelihood.

Actively Exploited — CISA KEV

CVE-2026-34926: Trend Micro Apex One Vulnerability

Severity: Medium | CVSS 3.1: 6.7 | Published: 2026-05-21 | KEV Added: 2026-05-21

What is CVE-2026-34926?

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

Technical Analysis

Weakness Classification

This vulnerability is classified as CWE-23.

Attack Vector Breakdown

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low

Impact Analysis

Exploitation requires local access to the target system, such as a local user session or a malicious file opened by a user. Successful exploitation can result in full confidentiality breach (complete data disclosure). Notably, the vulnerability's scope is changed, meaning exploitation can affect resources beyond the vulnerable component — for example, escaping a sandbox or container to impact the host system.

Exploitation Probability (EPSS): 1.0% chance of exploitation in the next 30 days (78th percentile). While the base probability may appear low, inclusion in CISA KEV confirms real-world exploitation is already occurring.

Is CVE-2026-34926 being exploited?

Yes. CVE-2026-34926 is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, restricted to CVEs with confirmed active exploitation in the wild. CISA added this vulnerability on 2026-05-21. Inclusion in KEV triggers the patching mandate under BOD 22-01 for U.S. federal civilian agencies, with a remediation deadline of 2026-06-04.

How to fix CVE-2026-34926

Apply the security update issued by Trend Micro for Apex One. If an immediate patch is not possible, consult the vendor advisory for mitigation guidance, restrict network exposure of the affected service, and monitor logs for indicators of exploitation. CISA's Known Exploited Vulnerabilities catalog requires U.S. federal agencies to remediate this vulnerability by the due date shown below under Binding Operational Directive 22-01. Private organizations should treat KEV entries as priority-one patches because active exploitation has been confirmed in the wild.

Related Vulnerabilities

Other actively exploited vulnerabilities affecting Apex One or sharing the same weakness (CWE-23):

CVE-2025-54948 (Critical 9.4) [same product] — A vulnerability in Trend Micro Apex One (on-premise) management console could…
CVE-2024-27199 (High 7.3) [same CWE] — In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform…

Frequently asked questions

Is CVE-2026-34926 critical?

CVE-2026-34926 has a CVSS 3.1 base score of 6.7 — Medium severity. Prioritize based on exposure and the active exploitation signal from the KEV listing.

Is CVE-2026-34926 being actively exploited?

Yes — CISA added CVE-2026-34926 to the Known Exploited Vulnerabilities catalog on 2026-05-21. Inclusion in KEV means CISA has confirmed in-the-wild exploitation.

How do I patch CVE-2026-34926?

Apply the security update from Trend Micro for Apex One. Federal agencies must remediate by 2026-06-04 under BOD 22-01.

What type of vulnerability is CVE-2026-34926?

CVE-2026-34926 is classified under CWE-23.

What is the CVSS score for CVE-2026-34926?

CVE-2026-34926 has a CVSS 3.1 base score of 6.7, classifying it as Medium severity. The attack vector is Local, attack complexity is High, and non-zero privileges are required.