CVE-2026-34926
Trend Micro · Apex One
A directory traversal vulnerability in the Trend Micro Apex One on-premise server allows authenticated administrators to inject malicious code that is then deployed to managed endpoints.
Executive summary
Trend Micro Apex One is affected by a critical directory traversal vulnerability that allows administrative users to weaponize the security platform for malware distribution.
Vulnerability
This is a directory traversal vulnerability that requires the attacker to already possess administrative credentials for the Apex One Server. Once exploited, it allows the attacker to modify internal tables in order to distribute malicious payloads to all managed agents.
Business impact
The CVSS score of 9.5 reflects the severe impact of this vulnerability, which effectively turns a security management tool into a vector for malware propagation. A compromise of the Apex One server allows an attacker to bypass traditional endpoint security controls across the entire enterprise environment, leading to widespread system infection and loss of control over the managed fleet.
Remediation
Immediate Action: Update on-premise servers to Apex One SP1 Critical Patch Build 18012 and baseline build 17079, and update agents to build 14.0.20731 or higher.
Proactive Monitoring: Audit administrative access logs and monitor for unauthorized modifications to server configuration files or software deployment tasks.
Compensating Controls: Restrict access to the Apex One management console to known, secure administrative workstations and ensure all administrative sessions are monitored.
Exploitation status
Public Exploit Available: True
Analyst recommendation
This vulnerability represents an existential threat to the security of the managed endpoint environment. Administrators must move quickly to apply the provided patches, as successful exploitation results in the total failure of the organization's primary endpoint defense mechanism.