Urgent Security Alert: Trend Micro Apex One Zero-Day Vulnerability Exploited
Trend Micro users beware - dangerous Apex One zero-day exploited in the wild
Image: Techradar Au
A serious zero-day vulnerability, tracked as CVE-2026-34926, has been discovered in Trend Micro's Apex One, allowing local administrators to inject malicious code. Despite its medium severity, exploitation attempts have been reported, prompting CISA to include it in the KEV catalog and set a patch deadline for federal agencies by June 4, 2026.
- 01CVE-2026-34926 is a directory traversal vulnerability in the on-premise version of Apex One, rated 6.7/10 in severity.
- 02Exploitation requires prior administrative access, but at least one attempt has already been observed.
- 03CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating federal agencies to patch or cease using Apex One by June 4, 2026.
- 04Trend Micro's Apex One is widely used for endpoint protection against various cyber threats.
- 05The vulnerability allows attackers to modify server tables to inject malicious code into affected installations.
Advertisement
In-Article Ad
Trend Micro has issued a critical patch for a zero-day vulnerability in its Apex One endpoint protection platform, identified as CVE-2026-34926. This medium-severity flaw allows local administrators to exploit directory traversal, enabling them to inject malicious code into the system. Despite requiring administrative access, there has already been at least one reported attempt to exploit this vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, which mandates that federal agencies must apply the patch or discontinue use of Apex One by June 4, 2026. CISA emphasized the risks posed by such vulnerabilities, stating that they are frequent targets for cybercriminals. Organizations using Apex One are urged to take immediate action to mitigate the risks associated with this vulnerability.
Advertisement
In-Article Ad
Organizations using Apex One could face significant security risks if the vulnerability is not patched.
Advertisement
In-Article Ad
Reader Poll
How concerned are you about cybersecurity vulnerabilities in software?
Connecting to poll...
Read the original article
Visit the source for the complete story.