TrendAI, part of Trend Micro's enterprise division, has announced the release of a patch for a significant vulnerability in its Apex One software. This zero-day vulnerability, identified as CVE-2026-34926, is a medium-severity directory traversal flaw that poses a serious security risk. It allows an unauthenticated local attacker to alter a crucial table on the server, injecting malicious code that could be deployed to various agents within the affected systems. However, the attack requires administrative credentials and targets only the on-premises version of Apex One.
The vulnerability was discovered by TrendAI’s internal incident response team. Although there is no detailed public information about the specific attacks exploiting this flaw, it is known that Apex products are frequently targeted by threat actors. Historically, some of these attacks have been associated with Chinese state-sponsored hackers. Given the level of access needed to exploit this vulnerability, it is likely that advanced persistent threats (APTs) are involved.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-34926 to its Known Exploited Vulnerabilities catalog, urging federal agencies to mitigate this vulnerability by June 4. This addition underscores the urgency of addressing the flaw, as CISA's catalog includes several other critical vulnerabilities related to Apex products.
In response, TrendAI has not only patched this particular issue but also addressed several other high-severity vulnerabilities in its latest Apex One updates. These updates are crucial for preventing local privilege escalation attacks. TrendAI advises organizations to apply these patches promptly, review remote access protocols to critical systems, and ensure that their security policies and perimeter defenses are current.


