
Trend Micro Warns of Zero-Day in Apex One Being Actively Exploited

The bottom line: Trend Micro has patched a zero-day vulnerability (CVE-2026-34926) in Apex One that is already being exploited by attackers. CISA has ordered federal agencies to patch by June 4.

Japanese cybersecurity company Trend Micro has patched a critical zero-day security flaw in its Apex One platform for enterprise endpoint security that is already being exploited by attackers in real-world attacks against Windows systems.

The vulnerability, tracked as CVE-2026-34926, is a directory traversal flaw in the on-premises Apex One server that allows attackers with administrative rights to inject malicious code. Trend Micro warned on Thursday that this vulnerability allows pre-authenticated local attackers to manipulate a critical table on the server to deploy malicious code to agents in affected installations.

Although exploiting this vulnerability has high requirements – an attacker needs access to the Apex One server and administrative credentials – TrendAI has observed at least one exploitation attempt in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-34926 to its list of actively exploited vulnerabilities and has ordered federal agencies to update their systems by June 4.

Additionally, Trend Micro released security updates for seven local privilege escalation vulnerabilities in the Apex One Standard Endpoint Protection Agent. Trend Micro Apex One is regularly targeted by threat actors – in recent years there have been multiple zero-day exploits, including a remote code execution bug in August 2025 and additional critical flaws in September 2022 and 2023. CISA currently documents 12 Trend Micro Apex vulnerabilities that have been or continue to be exploited in attacks.
