CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Summary
Trend Micro Apex One (on-premise) has a directory traversal vulnerability (CVE-2026-34926) that could allow a local attacker to inject malicious code. This vulnerability requires immediate mitigation by applying vendor instructions or discontinuing product use if mitigations are unavailable.
IFF Assessment
The discovery of a directory traversal vulnerability that allows for code injection is bad news for defenders, as it presents a clear attack vector.
Severity
The vulnerability has a high attack complexity and requires local access, but it allows for significant impact through code injection and modification of critical system tables. This estimation places it within the 'High' severity range.
CISA KEV: Listed as actively exploited. Federal patch due: June 04, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in Trend Micro Apex One allows for code injection, posing a significant risk for organizations using the on-premise version. Defenders should prioritize applying vendor-provided mitigations or consider alternative solutions if patching is not feasible. This highlights the ongoing need for diligent vulnerability management and timely patching of endpoint security solutions.