By estherdidsang@gmail.com 
- Trend Micro patches CVE‑2026‑34926, a medium‑severity directory traversal flaw in Apex One (on‑prem) that lets local admins inject malicious code
- Despite requiring prior admin access, the bug is already being exploited in the wild, prompting urgent patching guidance
- CISA adds it to the KEV catalog, giving federal agencies until June 4 2026 to update or discontinue use per BOD 22‑01 directives
A dangerous vulnerability in Trend Micro’s Apex One product is being actively abused in the wild, researchers have warned, urging users to apply the provided patch as soon as possible.
Apex One is Trend Micro’s endpoint protection platform (EPP) built to protect enterprise devices from malware, ransomware, fileless attacks, and various other cyber-threats. It uses a combination of antivirus capabilities, behavioral analysis, machine learning, and EDR/XDR. It appears to be rather popular, with some sources counting the number of customers in the thousands.
The company has now issued a patch for a directory traversal vulnerability in the on-prem variant of Apex One which could allow local actors (with admin privileges) to inject malicious code.
Capturing tokens
“A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations,” the NVD entry reads.
“This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.”
The bug is now tracked as CVE-2026-34926 and carries a severity score of 6.7/10 (medium).
While it all points to a somewhat low-risk vulnerability, Trend Micro said that it saw “at least one” exploitation attempt, already.
We don’t know if one attempt is enough to get listed in CISA’s Known Exploited Vulnerabilities (KEV) database, but the US agency just did that. Last Thursday, CISA disclosed a new entry in the catalog, giving Federal Civilian Executive Branch (FCEB) agencies a deadline of June 4 to apply the patch or stop using Apex One entirely.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.