CVE-2026-34926MEDIUM 6.7CISA KEVEPSS p61.7%

CVE-2026-34926Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Trend Micro / Apex One

Description

Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

Scoring

CVSS 3.16.7 (MEDIUM)
VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
EPSS1.11% probability of exploitation · percentile 61.7% · 2026-06-18T12:00:27Z
Published2026-05-21
Last modified2026-05-22

CISA KEV entry

Added to KEV: 2026-05-21

Underlying weaknesses· 1

CWE-23

References

  1. https://jvn.jp/en/vu/JVNVU90583059/
  2. https://success.trendmicro.com/en-US/solution/KA-0023430
  3. https://success.trendmicro.com/ja-JP/solution/KA-0022974
  4. https://www.jpcert.or.jp/english/at/2026/at260014.html
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926

1

TypeTargetConfidenceTier
WeaknessRelative Path Traversalcwe-230%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryTrend Micro Apex One (On-Premise) Directory Traversal Vulnerabilitykev-cve-2026-349260%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Trend Micro Apex One OS Command Injection Vulnerability
CVE
CVE-2025-49155
CVE
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
CVE
Trend Micro Multiple Products Improper Access Control Vulnerability
CVE
CVE-2022-40139
CVE
Trend Micro Multiple Products Improper Input Validation Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.